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(54) Digital work protection system, record/playback device, recording medium device, and 
model change device 



(57) Disclosed is a system (100) composed of a 
main device (300) and a recording medium device 
(400), The main device includes: a reception unit (300) 
that receives a digital work from an external distribution 
server (200); an internal storage area for storing the dig- 
ital work; a playback unitthat plays back the digital work; 
a unique information storage area for storing information 
that is unique to the main device; an encryption unitthat 



encrypts the digital work using the unique information; 
a decryption unit that decrypts, using the unique infor- 
mation, the encrypted digital work having been read 
from the recording medium device; a write unit that 
writes the encrypted digital work into the recording me- 
dium device which Is portable; and a read unitthat reads 
the encrypted digital work from the recording medium 
device. 
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Description 

[0001] This application is based on an application No. 
2001 -208532 filed in Japan, the content of which is here- 
by incorporated by reference. 1 

BACKGROUND OF THE INVENTION 

(1) Field of the Invention 

[0002] The present invention relates to a technique to 
distribute, receive, record, and play back digital works 
over a network. 

(2) Description of the Related Art 

[0003] Thanks to recent technological advance, digit- 
al works, such as digitized documents, music, images, 
and programs, have been distributed over a network 
typified fay the Internet, which allows users to easily re- 
trieve various digital works via a network, and record the 
retrieved digital works onto a separate recording medi- 
um to play back, 

[0004] However, the above advantage that users are 
allowed to conveniently replicate digital works is inevi- 
tably attended with a problem in that the copyrights of 
digital works maybe' infringed easily. 

SUMMARY OF THE INVENTION 

[0005J To address the above problem, an object of the 
present invention is to provide a digital work protection 
system, a record/playback device, a recording medium 
device, a model change device, a record/playback 
method, a record/playback program; and a recording 
medium storing a record/playback program, each of 
which records a digital work stored in the internal mem- 
ory of a record/playback device into a portable recording 
medium device in a manner to prohibit playback of the 
recorded digital work with any other device than the 
record/playback device employed at the time of the re- 
cording. 

[0006] To achieve the above object, in one aspect of 
the present invention, a digital work protection system 
for recording and playing back digital work, comprises 
a portable recording medium device including a storage 
area and being attached to a record/playback device 
and the record/playback device. The record/playback 
device includes: an internal storage unit operable to 
store a content that is a digital work; a unique informa- 
tion storage unit operable to prestore device unique in- 
formation that is unique to the record/playback device; 
an encryption unit operable to encrypt the stored content 
based on the prestored device unique information to 
generate encrypted information; a write unit operable to 
write the generated encrypted information into the stor- 
age area of the recording medium device; a read unit 
operable to read the encrypted information from the 



storage area of the recording medium device; a decryp- 
tion unit operable to decrypt the read encrypted infor- 
mation based on the prestored device unique informa- 
tion stored in the unique information storage unit to gen- 
erate a decrypted content; and a playback unit operable 
to play back the generated decrypted content. 
[0007] With this construction, the record/playback de- 
vice encrypts the content based on the device unique 
information that is unique to the record/playback device 
o to generate the encrypted information, and records the 
generated encrypted information on to the recording 
medium device, in order to play back the content, the 
record/playback device decrypts the encrypted informa- 
tion based on the device unique information stored in 
5 record/playback device. Thus, there is an effect that the 
encrypted information stored in the recording medium 
device is neither decrypted nor played back by any other 
device than the record/playback device having the 
unique information stored therein. 
?0 [0008] Here, it is preferable that the encryption unit 
encrypts the content using the device unique informa- 
tion as a key to generate the encrypted information, and 
the decryption unit decrypts the read encrypted informa- 
tion using the device unique information as a key. 
25 [0009] With this construction, the content is encrypted 
using the device unique information as a key to generate 
the encrypted information, and the read encrypted infor- 
mation is decrypted using the device unique information 
as a key. Thus, the encrypted information stored in the 
so recording medium device is not decrypted or played 
back by any device that dose not have the device unique 
information. 

[0010] Here, it is preferable that the record/playback 
device further includes a condition storage unit operable 
35 to store usage condition information showing a permis- 
sive condition for use of the content; and a condition 
judgment unit operable to judge whether use of the con- 
tent is permitted according to the usage condition infor- 
mation. 

40 [0011] With this construction, the record/playback de- 
vice prestores the usage condition information showing 
a permissive condition for use of the content, judges ac- 
cording to the usage condition information whether use 
of the content is permitted. The decrypted content is 

45 played back only when the content is judged to be per- 
mitted. Thus, the content is protected from being used 
when the conditions shown by the usage condition in- 
formation is not met. 

[0012] Here, it is preferable that both the unique infor- 
50 mation storage unit and the condition storage unit are 
read-protected as well as write-protected against any 
external device unless the device is specifically permit- 
ted to read or write the unique information and the usage 
condition information. 
55 [0013] With this construction, the unique information 
storage unit and the condition storage unit are write-pro- 
tected and read-protected against any external device. 
Thus, the device unique information and the usage con- 
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drtion information are protected from being leaked out. 
[0014] Here, it is preferable that the encryption unit 
generates a title key that Is unique to the content, en- 
crypts the generated title key using the device unique 
information as a key to generate an encrypted title key, 
encrypts the content using the generated title key as a 
key to generate an encrypted content, and generate the 
encrypted information that is composedof the encrypted 
title key and the encrypted content, the write unit writes 
the encrypted information that is composed of the en- 
crypted title key and the encrypted content the read unit 
reads the encrypted information that Is composed of the 
encrypted title key and the encrypted content, the de- 
cryption unit decrypts the encrypted title key included in 
the read encrypted information using the device unique 
information as a key to generate a decrypted title key, 
and decrypts the encrypted content Included in the read 
encrypted Information using the decrypted title key as a 
key to generate the decrypted content, and the record- 
ing medium device includes the storage area for storing 
the encrypted information that is composed of the en- 
crypted title key and the encrypted content. 
[0015J With this construction, the record/playback de- 
vice encrypts the generated title key using the device 
unique information as a key thereby to generate the en- 
crypted title key, and encrypts the content using the gen- 
erated title key as a key thereby to generate the encrypt- 
ed content Also, the record/playback device decrypts 
the encrypted title key using the device unique informa- 
tion as a key to generate the decrypted title key, and 
decrypts the read encrypted content using the generat- 
ed decrypted title key as a key to generate the decrypted 
content. Thus, the encrypted title key stored in the re- 
cording medium device is not decrypted by any other 
device.-than the record/playback device having the de- 
vice unique information stored therein. Consequently, 
the encrypted content is decrypted only by the record/ 
playback device. 

[0016] Here 5 it is preferable that the record/playback 
device further Includes a first authentication unit opera- 
ble to perform mutual authentication with a second au- 
thentication unit included in the recording medium de- 
vice before the write unit writes the encrypted informa- 
tion into the storage area or before the read unit reads 
the encrypted information from the storage area, the re- 
cording medium device further includes the second au- 
thentication unit operable to perform mutual authentica- 
tion with the first encryption unit included in the record 
and playback unit, and the storage area includes a first 
storage area and a second storage area, the second 
storage area being writable and readable only when the 
mutual authentication is established by the first authen- 
tication unit, the write unit writes the encrypted content 
Into the first storage area, and only when the mutual au- 
thentication is established by the first authentication 
unit, writes the encrypted title key into the second stor- 
age area, and the read unit reads the encrypted content 
from the first storage area, and only when the mutual 



authentication is established by the first authentication 
unit, reads the encrypted title key from the second stor- 
age area. 

[0017] With this construction, the record/playback de~ 
s vice and the recording medium device mutually authen- 
ticate each other Only when the mutual authentication 
is established, the record/playback device writes the en- 
crypted title key into the recording medium device, or 
reads the encrypted title key from the recording medium 
10 device. Thus, it is prevented that the content is readfrom 
or written by any illegitimate devices. 
[0018] Here, it is preferable the record/playback de- 
vice further includes: a condition storage unit operable 
to store usage condition information showing a pemnis- 
is sive condition for use of the content; and a condition 
judgment unit operable to Judge whether use of the con- 
tent is permitted according to the usage condition infor- 
mation, 

[0019] With this construction, the usage condition is 
20 stored into the recording medium device, and the judg- 
ment as to whether use of the content is permitted is 
made according to the usage condition. 
[0020] Here, it is preferable that the write unit reads 
the usage condition from the condition storage unit and 
25 writes the read usage condition information into the sec- 
ond storage area only when the mutual authentication 
is established by the first authentication unit, the read 
unit reads the usage condition from the second storage 
area and writes the read usage condition into the usage 
so condition storage unit only when the mutual authentica- 
tion is established by the first authentication unit, and 
the condition judgment unit judges whether use of the 
content is permitted according to the usage condition 
information stored in the condition storage unit. 
[0021 ] With this construction, the record/playback de- 
vice and the recording medium device mutually authen- 
ticate each other. Only when the mutual authentication 
is established, the record/playback device writes the us- 
age condition into the recording medium device or reads 
the usage condition from the recording medium device. 
Further, the record/playback device judges whether use 
of the content is permitted according to the read usage 
condition information. Thus, the usage condition infor- 
mation is recorded into the recording medium device to- 
gether with the content. 

[0022] Here, it is preferable the usage condition Infor- 
mation stored in the condition storage unit shows a per- 
mitted playback number of times, a permitted playback 
period, a permitted total playback time, a permitted 
number of times for copying the content, or a permitted 
number of times for moving the content, and the condi- 
tion judgment unit (i) judges to play back the content 
only when the number of times of actual playback of the 
content by the playback unit is equal to or less than the 
permitted playback number of times, a date and time at 
which the content is to be played back by the playback 
unit is within the permitted playback period, and a total 
time of actual playback is equal to or less than the per- 
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mitted total playback time, (ii) judges to copy the content 
to the recording medium device only when the permitted 
number of times for copying the content is equal to 1 or 
greater, and (Hi) judges to move the content to the re- 
cording medium device only when the permitted number 
of times for moving the content is equal to 1 or greater. 
[0023] With this construction, the usage condition 
shows a pemnitted playback number of times, a permit- 
ted playback period, or a permitted total playback time, 
a permitted number of times for copying the content, or 
a permitted number of times for moving the content. 
Thus, usage of the content is limited in a variety of ways. 
[0024] Here ; it is preferable that the record/playback 
device further includes an authentication judgment unit 
operable to judge whetherthe recording medium device 
includes the second authentication unit, and the encryp- 
tion unit further encrypts the content using the device 
unique information as a key to generate the encrypted 
information when the recording medium device is 
judged not to include the second authentication unit, the 
write unit further writes the generated encrypted infor- 
mation into the storage area of the recording medium 
device when the recording medium device is judged not 
to include the second authentication unit, the read unit 
further reads the encrypted information from the storage 
area of the recording medium device when the recording 
medium device is judged not to include the second au- 
thentication unit, and the decryption unit further decrypts 
the read encrypted information using the device unique 
information as a key when the recording medium device 
is judged not to include the second authentication unit. 
[0025] With this construction, the encryption is done 
in a different manner depending on whetherthe record- 
ing medium device includes an authentication unit, 
which makes it possible that the digital work protection 
system is used in a variety of ways, 
[0026] Here, it is preferable the recording medium de- 
vice further prestores medium unique information that 
is unique to the recording .medium device, the internal 
storage unit stores a unique information type in associ- 
ation with the content, the unique information type show- 
ing whetherthe content is to be encrypted based on the 
device unique information or the medium unique infor- 
mation, the record/playback device further includes a 
unique information judgment unit operable to judge, ac- 
cording to the unique Information type stored in the in- 
ternal storage unit, whetherthe content is to be encrypt- 
ed based on the device unique information or the medi- 
um unique information, the encryption unit (i) encrypts 
the content based on the device unique information to 
generate the encrypted information when the unique in- 
formation judgment unit judges the content to be en- 
crypted based on the device unique information, and (ii) 
reads the medium unique informationfromthe recording 
medium device to encrypt the content based on the read 
medium unique information to generate the encrypted 
information when the unique information judgment unit 
judges the content to be encrypted based on the medi- 



um unique information, the decryption unit (i) decrypts 
the read encrypted information based on the device 
unique information to generate the decrypted content 
when the unique information judgment unit judges the 

5 content to be encrypted based on the device unique in- 
formation, and (ii) reads the medium unique information 
from the recording medium device to decrypt the read 
encrypted information with the use of the read medium 
unique information to generate the decrypted content 

10 when the unique information judgment unit judges the 
content to be encrypted based on the device unique in- 
formation. 

[0027] With this construction, different unique infor- 
mation is used in the encryption depending on the 
*s unique information type, which makes it possible that 
the digital work protection system is used in a variety of 
ways, 

[0028} Alternatively, in another aspect of the present 
invention, provided is a model change device used for 
20 replacing a first record/playback device with a second 
record/playback device due to change in a contract be- 
tween a user and a service provider, the first record/ 
playback device being usable under the contract. The 
first record playback device includes: a first internal stor- 
es age unit operable to store a content that is a digital work; 
a first unique information storage unit operable to 
prestore device unique information that is unique to the 
first record/playback device; a first encryption unit oper- 
able to encrypt the content stored in the first internal 
so storage unit based on the device unique information 
stored in the first unique information storage unit to gen- 
erate encrypted information; a first write unit operable 
to write the generated encrypted information into a stor- 
age area of a recording medium device, a first read unit 
35 operable to read the encrypted information from the 
storage area of the recording medium device; a first de- 
cryption unit operable to decrypt the read encrypted in- 
formation based on the device unique information 
stored in the first unique information storage unit to gen- 
40 erate a decrypted content; and a first playback unit op- 
erable to play back the generated decrypted content. 
The recording medium device includes the storage area 
for storing the encrypted information. The second 
record/playback device includes: a second internal stor- 
45 age unitthat includes an internal storage area for storing 
a content that is a digital work; a second unique Infor- 
mation storage unitthat includes an internal storage ar- 
ea for storing device unique information; a second en- 
cryption unit operable to encrypt the content stored in 
50 the second interna! storage unit based on the device 
unique information stored in the second unique informa- 
tion storage unit to generate encrypted information; a 
second write unit operable to write the generated en- 
crypted information into the storage area of the memory 
55 device, a second read unit operable to read the encrypt- 
ed information from the storage area of the memory de- 
vice; a second decryption unit operable to decrypt the 
read encrypted information based on the device unique 
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information stored in the second unique information 
storage unit to generate a decrypted content; and a sec- 
ond playback unit operable to play back the generated 
decrypted content. The model change device includes: 
a third read unit operable to read the device unique in- 5 
formation stored in the first unique information storage 
unit, and delete the device unique information from the 
first unique information storage unit; and a third write 
unit operable to write the read device unique Information 
into the second unique information storage unit, w 
[0029] With this construction, the model change de- 
vice reads the device unique information stored in the 
first unique information storage unit of the first record/ 
playback device, deletes the device unique information 
from the first unique information storage unit, and writes is 
the read device unique information into the second 
unique Information storage unit of the second record/ 
playback device. Thus, even after the model change, 
the content stored into the recording medium device by 
the first record/playback device is allowed to be used by so 
the second record/playback device. In addition, after the 
model change, the first record/playback device is no 
longer allowed to use the content, 
[0030] Alternatively, in another aspect of the present 
invention, provided is a model change device used for 25 
canceling a record/playback device that has been usa- 
ble under a contract between a user and a service pro- 
vider. The record/playback device includes: an internal 
storage unit operable to store a content that is a digital 
-work; a unique information storage unit operable to so 
prestore (i) device unique information that is unique to 
the record/playback device and (ii) contract information 
.^regarding the contract, the device unique information 
rbeing independent of the contract information; an en- 
cryption unit operable to encrypt the content stored in 35 
the internal storage unit based on the device unique in- 
formation stored In the unique information storage unit 
to generate encrypted information; a write unit operable 
to write the generated encrypted information into a stor- 
age area of a recording medium device; a read unit op- 40 
erabie to read the encrypted information from the stor- 
age area of the recording medium device; a decryption 
unit operable to decrypt the read encrypted information 
based on the device unique information stored in the 
unique information storage unit to generate a decrypted 
content; and a playback unit operable to play back the 
generated decrypted content. The recording medium 
device includes the storage area for storing the encrypt- 
ed information. The model change device includes: a 
read unit operable to read the contract information from 50 
the unique information storage unit; and a cancellation 
unit operable to perform processing to cancel the con- 
tract with reference to the read contract information, 
[0031 ] With th is construction, the record/playback de- 
vice prestores the device unique information that is in- ss 
dependent of the contract information. The model 
change device reads the contract information stored in 
the unique information storage unit and performs 
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processing to cancel the contract with reference to the 
read contract information. Thus, even after the cancel- 
lation of the contract under which the record/playback 
device is usable, the content stored in the recording me- 
dium device is still allowed to be played back by the 
record/playback device, 

[0032] Alternatively, in another aspect of the present 
invention, provided is a model change device used for 
changing a first contract under which a record/playback 
device is usable to a second contract. The first contract 
is made between a user and a first service provider and 
the second contract is made between the user and a 
second service provider The record/playback device in- 
cludes: an internal storage unit operable to store a con- 
tent that is a digital work; a unique information storage 
unit operable to store (i) device unique information that 
is unique to the record/playback device and (ii) first con- 
tract information regarding the first contract, the device 
unique information being independent of the contract in- 
formation; an encryption unit operable to encrypt the 
content stored in the internal storage unit based on the 
device unique Information stored in the unique informa- 
tion storage unit to generate encrypted information; a 
write unit operable to write the generated encrypted in- 
formation into a storage area of a recording medium de- 
vice; a read unit operable to read the encrypted infor- 
mation from the storage area of the recording medium 
device; a decryption unit operable to decrypt the read 
encrypted information based on the device unique infor- 
mation stored in the unique information storage unit to 
generate a decrypted content; and a playback unit op- 
erable to play back the generated decrypted content. 
The recording medium device includes the storage area 
for storing the encrypted information. The mode! change 
device includes; a read unit operable to read the first 
contract Information from the unique information stor- 
age unit; a contract cancellation and change unit oper- 
able to perform processing to cancel the first contract 
with reference to the readfirst contract information, and 
perform processing to make the second contract to gen- 
erate second contract information regarding the second 
contract; and a write unit operable to write the generated 
second contract information into the unique information 
storage unit, and delete the first contract information 
from the unique Information storage unit. 
[0033] With this construction, the record/playback de- 
vice prestores the device unique information that is in- 
dependent of the first contract information. The model 
change device reads the first contract information from 
the record/playback device, performs processing to 
cancel the first contract with reference to the first con- 
tract information, performs processing to make the sec- 
ond contract and to generate the second contract infor- 
mation regarding the second contract, writes the gener- 
ated second contract information into the unique infor- 
mation storage unit of the record/playback device, and 
deletes the first contract information from the unique in- 
formation storage unit. Thus, even after the service pro- 
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vider of the record/playback device is changed to anoth- 
er service provider, the content stored in the recording 
medium device is still played back. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0034] These and the other objects, advantages and 
features of the inventionwill become apparent from the 
following description thereof taken in conjunction with 
the accompanying drawings which illustrate a specific 
embodiment of the invention, 
[0035J In the drawings: 

FIG. 1 is a block diagram showing the entire con- 
struction of a digital work distribution system 100; 
FIG, 2 is a block diagram showing the construction 
of a content distribution server device 200; 
FIG. 3 is a block diagram showing the constructions 
of a mobile phone 300 and a memory card 400; 
FIG. 4 is a flowchart showing the operations of the 
digital work distribution system 100; 
FIG. 5 is a block diagram showing the construction 
of a memory card 400b; 

FIG. 6 is a block diagram showing the construction 
of a mobile phone 300b; 

FIG. 7 is a flowchart showing the operations per- 
formed by the mobile phone 300b to generate an 
encrypted content and to write the encrypted con- 
tent into the memory card 400b; 
FIG. 8 is a flowchart showing; the operations per- 
formed by the mobile phone 300b to read the en- 
crypted content from the memory card 400b and to 
generate the content; 

FIG. 9 shows the operations to play back the con- 
tent performed by a mobile phone A and by a mobile 
phone X; 

FIG, 10 is a block diagram showing the construc- 
tions of a mobile phone 300c and the memory card 
400; 

FIG. 11 is a flowchart showing the operations of the 
mobile phone 300c; 

FIG. 1 2 is a flowchart showing the operations of the 
mobile phone 300c when the usage condition is a 
permitted playback period; 

FIG. 13 is a flowchart showing the operations of the 
mobile phone 300c when the usage condition is the 
permitted total amount of playback time; 
FIG. 14 is a block diagram showing the construction 
of a memory card 400d; 

FIG. 15 is a block diagram showing the construction 
of a mobile phone 300d; 

FIG, 16 is a block diagram showing the construction 
of an encryption/decryption unit 380d; 
FIG. 17 is a flowchart showing the entire operations 
of a digital work distribution system 100d; 
FIG, 18 is a flowchart showing the operations per- 
formed for mutual authentication between the mo- 
bile phone 300d and the memory card 400d; 



FIG. 19 is a flowchart showing the operations per- 
formed by the mobile phone 300d for storage 
processing; 

FIG. 20 is a flowchart showing the operations per- 
5 formed by the mobile phone 300d for read process- 
ing; 

FIG, 21 is a block diagram showing the construction 

of a model change system 600e; 

FIG. 22 is a flowchart showing the operations of the 
10 model change system 800e; 

FIG, 23 is a block diagram showing the construction 

of a model change system 600g; 

FIG. 24 is a block diagram showing the construction 

of a model change system 600m; 
is FfG, 25 is a flowchart showing the operations of the 

model change system 600m; 

FIG. 26 is a flowchart showing the operations of a 

modified model change system 600m; 

FIG, 27 is a block diagram showing the construc- 
ts tions of a mobile phone 3001 and a memory card 

400i; 

FIG. 28 is a flowchart showing the operations of a 
digital work distribution system 100i; 
FIG. 29 shows the data construction of a right infor- 
ms mation table 61 0 that is stored in a content storage 
unit 201 of a content distribution server device 200j; 
FIG. 30 is a block diagram showing the construction 
of a memory card 400j; 

FIG. 31 is a flowchart showing the operations per- 
30 formed to obtain a content from the content distri- 
bution server device 200J; 

FIG. 32 is a flowchart showing the operations for re- 
obtaining the once obtained content when a user 
deletes the encrypted content stored in the memory 
35 card 400j by mistake; 

FIG. 33 shows the data construction of a content 
information table 620 that is stored in the content 
storage unit 201 of a content distribution server de- 
vice 200k; 

40 FIG. 34 is a block diagram showing the construc- 
tions of a mobile phone 300k and a memory card 
400k; 

FIG. 35 is a flowchart showing the operations per- 
formed by the mobile phone 300k to obtain a con- 
45 tent and to write the obtained content into the mem- 
ory card 400k; and 

FIG. 36 is a flowchart showing the operations per- 
formed by the mobile phone 300k to decrypt an en- 
crypted content stored in the memory card 400k and 
so to play back the decrypted content. 

DESCRIPTION OF THE PREFERRED EMBODIMENT 

1. PREFERRED EMBODIMENT 1 

[0036] First, description is given to a digital work dis- 
tribution system 1 00 consistent with preferred embodi- 
ment 1 of the present invention. 
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[0037] The digital work distribution system 1 00 aims 
to provide a digital work protection system, a main de- 
vice, and a recording medium device, each of which 
records a digital work (for example, a ringer melody or 
a standby screen) into a portable recording medium de- 
vice using a main device, such as a mobile phone, in a 
manner to prohibit playback of the digital work by any 
other device than the main device used upon the record- 
ing. 

1 . 1 Construction of Digital Work Distribution System 1 00 

£0038] As shown in the block diagram in FIG. 1 , the 
digital work distribution system 100 is composed of a 
content distribution server device 200, the Internet 10, 
a gateway device 40, a mobile phone network 20, a ra- 
dio base station 30, a mobile phone 300, and a memory 
card 400. 

[0039] The content distribution server device 200 is 
connected to the radio base station 30 via the Internet 
10 and the mobile phone network 20. The radio base 
station 30 transmits information to or from the mobile 
phone 300 via radio waves. The gateway device con- 
nects the internet 1 0 and the mobile phone network 20, 
and performs conversion of the communications proto- 
col between the internet 10 and the mobile phone net- 
work 20. 

[0040] • In response to a user operation received from 
the mobile phone 300, the content distribution server de- 
vice 200 attributes a digital work, Le„ a piece of music 
as one example, to the mobile phone 300 via the internet 
10, the mobile phone network 20, and the radio base 
station -30. The mobile phone 300 then receives the con- 
tent, encrypts the received content, and records the en- 
crypted content into the memory card 400. Further, in 
response to a user operation, the mobile phone 300 
reads the encrypted content stored in the memory card 
400, decrypts the content, and then plays back the de- 
crypted content. 

1 .2 Construction of Content Distribution Server Device 
200 

[0041] As shown in the block diagram in FIG. 2, the 
content distribution server device 200 fs composed of a 
content storage unit 201 , a control unit 202, and a trans- 
mission/reception unit 203. 

[0042] To be more specific, the content distribution 
server device 200 is a computer system composed of a 
microprocessor, ROM, RAM, a hard disc unit, a display 
unit, a key board, a mouse, and other components. The 
RAM or the hard disc unit stores a computer program, 
and the content distribution server device 200 performs 
its function by the microprocessor executing the com- 
puter program. 

[0043] The content storage unit 201 prestores a con- 
tent 600, which in this example is a ringer melody. Here, 
the term ringer melody used herein refers to a piece of 



music that is played back for signaling the mobile phone 
user of an incoming call. Mote that the content may be, 
for example, a standby screen for mobile phone, kara- 
oke data, and a game program written in Java. 
5 [0044] The control unit 202 receives a content ID and 
payment information from the mobile phone 300 via the 
radio base station 30, the mobile phone network 20, the 
Internet 10, and the transmission/reception unit 203. 
Here, the transmission of the content ID and the pay- 
10 rnent information are performed in a secure manner 
through the use of a secure, authentication communi- 
cations protocol, such as SSL (Secure Socket Layer) 
protocol. The content ID is an identifier identifying the 
content that the user selects to purchase, and the pay- 
's ment information is information indicating payment 
made for purchasing the content. Upon receipt of the 
content ID and the payment information, the control unit 
202 performs processing for receiving the payment 
based on the payment information. 
so [0045] Next, the control unit 202 reads a content that 
corresponds to the received content ID from the content 
storage unit 201 , and transmits the read content to the 
mobile phone 300 via the transmission/reception unit 
203, the Internet 10, the mobile phone network 20, and 
25 the radio base station 30. Here, the content is transmit- 
ted from the content distribution sever device 200 to the 
mobile phone 300 in a secure manner through the use 
of a secure content distribution system, such as EMMS 
(Electronic Music Management System), 
50 [0046] The transmission/reception unit 203 performs 
transmission and reception of information with external 
devices connected thereto via the Internet 10. 

1.3 Construction of Memory Card 400 

35 

[0047] As shown in FIG. 3, the memory card 400 in- 
cludes an external storage unit 41 0 that has storage ar- 
eas for storing varies types of information. 
[0048] The memory card 400 is attached by the user 
40 to the mobile phone 300, so that various types of infor- 
mation are written into and read from the external stor- 
age unit 41 0 by the mobile phone 300. 

1.4 Construction of Mobile Phone 300 

45 

[0049] As shown in FIG. 3, the mobile phone 300 is 
composed of an antenna 367, a transmission/reception 
unit 361 , an audio control unit 382, a speaker 363, a 
microphone 364, an input unit 365, a control unit 366, a 

so display unit 368, a content purchasing unit 301 , a con- 
tent obtaining unit 302, an internal storage unit 303, a 
playback unit 304, a unique information storage unit 
31 0, a write unit 330, a read unit 350, and an encryption/ 
decryption unit 3B0. The encryption/decryption unit 380 

55 js composed of an encryption unit 320 and a decryption 
unit 340. 

[0050] To be more specific, the mobile phone 300 is 
composed of a microprocessor, ROM, RAM, a liquid 
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crystal display unit, a ten-key, and other components, 
The BAM stores a computer program, and the mobile 
phone 300 performs its function partly by the microproc- 
essor operating in accordance with the computer pro- 
gram. 

(1) Antenna 367, Transmission/Reception unit 361 , 
Audio control Unit 362, Speaker 363, Microphone 364, 
Input unit 365, Control Unit 366, and Display Unit 368 

[0051 ] The antenna 367 transmits and receives radio 
waves. 

[0052] The transmission/reception unit 361 performs 
transmission and reception of various types of informa- 
tion between the audio control unit 362 and another mo- 
bile phone via the mobile phone network 20, the radio 
base station 30, and the antenna 367. In addition, the 
transmission/reception unit 361 performs transmission 
and reception of various types of information between 
the content distribution server device 200 and content 
purchasing unit 301 or between the content distribution 
server device 200 and the content obtaining unit 302 via 
the Internet 10, the mobile phone network 20, the radio 
base station 30, and the antenna 367, 
[0053] The audio control unit 362 converts audio in- 
formation that is received from another mobile phone 
into electrical analog signals, and outputs the resulting 
signals to the speaker 363. In addition, theaudio control 
unit 362 converts electrical analog signals that the mi- 
crophone 364 receives into audio information, and out- 
puts the resulting audio information to another mobile 
phone, 

[0054] The speaker 363 performs conversion of the 
electrical analog signals into audio data, followed by au- 
dio output,, whereas the microphone 364 performs con- 
version of the audio input into electrical analog signals, 
followed by output of the resulting signals to the audio 
control unit 362. 

[0055] The input unit 365 is provided with a ten-key 
and other keys, and receives various inputs from the us- 
er 

[0056] The control unit 366 controls the operations of 
each unit constituting the mobile phone 300. 
[0057] The display unit 368 is composed of a liquid 
crystal display unit, and displays various types of infor- 
mation. 

(2) Unique Information Storage Unit 310 

[0058] The unique information storage unit 310 is 
composed of a semiconductor memory that is protected 
from being externally read or written with any devices 
other than a specifically permitted device such as a 
model change device, which will be described later. The 
unique information storage unit 31 0 prestores unique in- 
formation. 

[O059] Here, the unique information refers to informa- 
tion that is unique to the mobile phone 300 and that is 



composed of the telephone number allotted to the mo- 
bile phone, a randomly generated number allotted to the 
mobile phone, or the like, 

5 (3) Internal Storage Unit 303 

[0060] The interna! storage unit 303 is composed of 
a semiconductor memory that is neither readable nor 
writable externally, and has storage areas for storing 
10 contents received from the content distribution server 
device 200. 



(4) Content Purchasing Unit 301 

15 [0061] The content purchasing unit 301 receives from 
the input unit 365 a content ID identifying the content 
that the user selects to purchase, generates payment 
information indicating the necessary payment made for 
purchasing the content, and transmits the content ID to- 
bo gether with the payment information to the content dis- 
tribution server device 200 via the transmission/recep- 
tion unit 361 , the antenna 367, the radio base station 
30, the mobile phone network 20, and the Internet 1 0. 
[0062] Here, transmission of the content ID and the 
25 payment information between the mobile phone 300 
and the content distribution server device 200 is per- 
formed in a secure manner through the use of, for ex- 
ample, the SSL protocol. 

30 (5) Content Obtaining Unit 302 

[0063] The content obtaining unit 302 receives a con- 
tent from the content distribution server device 200 via 
the internet 10, the mobile phone-network 20, the radio- 
as base station 30, the antenna 367, and the transmission/ 
reception unit 361 , and writes the received content into 
the internal storage unit 303 as a content 601 . 
[0064] Here, transmission of the content from the con- 
tent distribution server device 200 to the mobile phone 
40 300 is performed in a secure manner through the use 
of, for example, the EMMS system, 

(6) Playback Unit 304 

45 [0065] in response to a playback instruction inputted 
by the user via the input unit 365, the playback unit 304 
reads the content 601 from the internal storage unit 303, 
and plays back the read content to output. 
[0066] Here, in the case where the read content is a 
so piece of music, the playback unit 304 converts the con- 
tent into electrical analog signals, and outputs the re- 
sulting signals to the speaker 363. 
[0067] Alternatively, in the case where the read con- 
tent is a standby screen for mobile phones, the playback 
55 unit 304 converts the read content into pixel information, 
and outputs the resulting pixel information to the display 
unit 368. 

[0068] As above, the playback unit 304 performs dif- 
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ferent processing depending on the type of content. 

(7) Encryption Unit 320 

[0069] In response to a write instruction inputted by s 
the user via the input unit 365, the encryption unit 320 
reads the content 801 from the internal storage unit 303, 
and the unique information form the unique information 
storage unit 310. 

[0070] Next, the encryption unit 320 applies encryp- 10 
tion algorithm E1 to the read content using the read 
unique information as a key to generate an encrypted 
content, and outputs the encrypted content to the write 
unit 330. 

[0Q71] Here, as one example, encryption algorithm *5 
E1 is an algorithm based on DES (Data Encryption 
Standard). 

[0072] Note that each block shown in FIG. 3 is con- 
nected with another block with a connecting line, but 
some of the connecting lines are omitted in the figure, so 
Here, each connecting line shows a path through which 
signals and information are transmitted. Further, among 
a plurality of connecting lines that are in direct connec- 
tion with the block representing the encryption unit 320, 
each connecting line marked with a key symbol repre- 23 
sents a path through which information that serves as a 
key is transmitted. The same description applies to the 
block of the decryption unit 340, and aiso to the corre- 
sponding blocks in other figures. 

30 

(8) Write Unit 330 

[0073]:* The write unit 330 receives the encrypted con- 
tent from the encryption unit 320, and writes the encrypt- 
ed content as an encrypted content 602 into the external 35 
storage unit 410 which is included in the memory card 
400. 

(9) Read Unit 350 

40 

[0074J In response to a read instruction inputted by 
the user via the input unit 365, the read unit 350 reads 
the encrypted content 602 from the external storage unit 
410 of the memory card 400, and outputs the encrypted 
content to the decryption unit 340. 45 

(10) Decryption Unit 340 

[0075] The decryption unit 340 receives the encrypted 
content from the read unit 350, and reads the unique bo 
information from the unique information storage unit 
310. 

[0076] Next, the decryption unit 340 applies decryp- 
tion algorithm 01 to the received encrypted content us- 
ing the read unique information as a key, thereby to gen- 55 
erate the content, and writes the generated content into 
the internal storage unit 303. 

[0077] Here, decryption algorithm D1 is an algorithm 



for performing inversion of encryption algorithm E1 . One 
example of decryption algorithm D1 is an algorithm 
based on DES. 

1.6 Operations of Digital Work Distribution System 100 

[0078] Now, description is given to the operations of 
the digital work distribution system 100 with reference 
to the flowchart shown in FIG, 4. 
[0079] Upon receipt of a content ID via the input unit 
365, the content purchasing unit 301 of the mobile 
phone 300 generates payment information (step S1 01), 
and transmits the content ID and the payment informa- 
tion to the content distribution server device 200 in a 
secure manner through the use of, for example by SSL 
protocol {step S102). 

[0080] The control unit 202 of the content distribution 
server device 200 receives the content ID and the pay- 
ment information from the mobile phone 300 (step 
S102), then performs processing for receiving the pay- 
ment based on the transmitted payment information 
(step S103). Thereafter, the control unit 202 reads from 
the content storage unit 201 the content identified by the 
received content ID (step 81 04), then transmits the read 
content to the mobile phone 300 in a secure manner 
through the use of, for example by SSL protocol (step 
S105). 

[0081] The content obtaining unit 302 of the mobile 
phone 300 receives the content from the content distri- 
bution server device 200 (step S1 05), and writes the re- 
ceived content into the internal storage unit 303 as the 
contented {step S106). 

[0082] Upon receipt of a content write instruction of 
via the input unit 365 (step S107), the encryption unit 
320 reads the content 601 from the internal storage unit 
303 (step S108), and the unique information from the 
unique information storage unit 310 (step S109). Next, 
the encryption unit 320 applies encryption algorithm E1 
using the read unique information as a key, thereby to 
generate an encrypted content (step 311 0) T and the 
write unit 330 writes the encrypted content into the ex- 
ternal storage unit 410 of the memory card 400 as the 
encrypted content 602 (step S111), 
[0083] Alternatively, upon receipt of a content read in- 
struction via the input unit 365 (step S1 07), the read unit 
350 reads the encrypted content 602 from the external 
storage unit 410 of the memory card 400 (step S112), 
andthedecryption unit 340 reads the unique information 
from the unique information storage unit 310 (step 
S113), Next, the decryption unit 340 applies decryption 
algorithm D1 to the received encrypted content using 
the read unique information as a key, thereby to gener- 
ate the content (step S114), and writes the generated 
content into the internal storage unit 303 {step S115). 
[0084] Alternatively, upon receipt of a playback in- 
struction via the input unit 365 (step S1 07), the playback 
unit 304 reads the content 601 from the internal storage 
unit 303 (step 3116), and plays back the read content 
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(stepS 11 7). 

1 .6 Operating Procedure Performed by User of Mobile 
Phone 300 

[0085] Hereinafter, description is given to the operat- 
ing procedure that the user of the mobile phone 300 per- 
forms. 

(1 ) First, with the use of the content purchasing unit 
301 of the mobile phone 300, the user selects and 
purchases a content from among the contents 
stored in the content storage unit 201 of the content 
distribution server device 200, Then, with the use 
of the content obtaining unit 302, the user obtains 
the content that he has purchased. The content is 
then stored into the Internal storage unit 303 of the 
mobile phone 300. 

(2) Next, in the case where the purchased content 
is, for example, a ringer melody, the user makes 
such setting to the mobile phone 300 that the play- 
back unit 304 plays back the ringer melody upon 
receipt of an incoming call, 

(3) Further, the user may store the content 601 that 
he purchased earlier and that is stored in the inter- 
nal storage unit 303 into the memory card 400 in 
the following procedure, 

(3.1) The user attaches the memory card 400 
to the mobile phone 300, and instructs the mo- 
bile phone 300 to store the purchased content 
into the memory card. 

(3.2) In response, the content 601 stored in the 
internal storage unit 303 of the mobile phone 
300 is encrypted by the encryption unit 320 us- 
ing the unique information stored in the unique 
information storage unit 31 0 T and consequently 
an encrypted content is generated, Then, the 
encrypted content is then stored by the write 
unit 330 as the encrypted content 602 into the 
external storage unit 41 0 included in the mem- 
ory card 400. 

(4) Still further, the user may fetch the encrypted 
content 602 from the external storage unit 410 in- 
cluded within the memory card 400, and stores the 
fetched content into the internal storage unit 303 of 
the mobile phone 300 in the following procedure. 

(4.1) The user attaches the memory card 400 
into the mobile phone 300 r and instructs the 
mobile phone 300 to fetch the encrypted con- 
tent from the memory card 400. 

(4.2) In response, the encrypted content 602 
stored in the external storage unit 41 0 included 
in the memory card 400 is read by the read unit 



350 of the mobile phone 300- Then, the read 
encrypted content is decrypted by the decryp- 
tion unit 340 using the unique information 
stored in the unique information storage unit 
5 31 0, and consequently, the content is generat- 

ed. The generated content is then stored In the 
internal storage unit 303 of the mobile phone 
300. 

io 1.7 Modification 1 

[0088] The above description is given to the proce- 
dure for storing a content that has been purchased into 
the memory card 400, and for fetching the stored con- 

15 tentfromthe memory card400. Yet, whether the content 
is purchased, l®. t whether obtaining the content re- 
quires payment of a certain fee, is not an essential mat- 
ter to the present invention. That is, for example, the 
above procedure is applicable not only to the content 

20 that the user has purchased, but also to a content, such 
as a free sample l that has been distributed to the user 
free of charge. 

1.8 Modification 2 

25 

[0087] Here t description is given to a mobile phone 
300b and a memory card 400b which are modifications 
of the mobile phone 300 and the memory card 400 r re- 
spectively. 

30 [0088] The mobile phone 300b and the memory card 
400b have constructions similar to the mobile phone 300 
and the memory card 400, respectively. Thus, descrip- 
tion below is given mainly to the differences with the mo- 
bile phone 300 and with the memory card 400. 

36 

(1) Construction of Memory Card 400b 

[0089] As shown in FIG.5, the memory card 400b in- 
cludes a first external storage unit 412 and a second 
40 external storage unit 411 . 

[0090] The second external storage unit 411 has a 
storage area for storing an encrypted title key, which will 
be descried later, while the first external storage unit 412 
has a storage area for storing an encrypted content. 

45 

(2) Construction of Mobile Phone 300b 

[0091] As shown in FIG. 6, the mobile phone 300b in- 
cludes encryption/decryption unit 380b instead of the 

bo encryption/decryption unit 380 that the mobile phone 
300 includes. The mobile phone 300b differs from the 
mobile phone 300 only with this respect Components 
constituting the mobile phone 300b that are identical to 
those constituting the mobile phone 300 are denoted by 

55 the same reference numbers. 

[0092] The encryption/decryption unit 380b includes 
a title key generating unit 321 , an encryption unit 322, 
an encryption unit 323, a decryption unit 342, and de- 
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cryption unit 343. 

(Title Key Generating Unit 321) 

[0093] The title key generating unit 321 generates a 
random number every time the content 601 stored in the 
internal storage unit 303 is encrypted, and outputs to the 
encryption units 322 and 323 the generated random 
number as a title key that is unique to each content, 

(Encryption Unit 322) 

[0094] The encryption unit 322 reads the unique in- 
formation from the unique Information storage unit 31 0, 
and receives the title key from the title key generating 
unit 321. Next, the encryption unit 322 applies encryp- 
tion algorithm E2 to the received title key using the read 
unique information as a key, thereby to generate an en- 
crypted title key and outputs the encrypted title key to 
the write unit 330. 

[0095] Here : encryption algorithm E2, for example, is 
based on DBS. 

(Encryption Unit 323) 

[0096] The encryption unit 323 receives the title key 
from the title key generating unit321,and reads the con- 
tent 601 from the internal storage unit 303. Next, the 
encryption unit 323 applies encryption algorithm E3 to 
the read content using the received title key as a key, 
thereby to generate an encrypted content, and outputs 
the generated encrypted content to the write unit 330. 

(Write Unit 330) 

[0097] The write unit 330 receives the encrypted title 
key from the encryption unit 322, and writes the. received 
encrypted title key into the second external storage unit 
41 1 of the memory card 400b. Further, the write unit 330 
receives the encrypted content from the encryption unit 
323, and writes the received encrypted content into the 
first external storage unit 412 in the memory card 400b. 

(Read Unit 350) 

[0098] The read u nit 350 reads the encrypted content 
from the first external storage unit 41 2 and th e encrypted 
title key and from the second external storage unit 41 1 t 
both units of which are included in the memory card 
400b. The read unit 350 then outputs the read encrypted 
title key and the read encrypted content to the decryp- 
tion unit 342 and the decryption unit 343 , respectively 

(Decryption Unit 342) 

[0099] The decryption unit 342 receives the encrypted 
title key from the read unit 350, reads the unique infor- 
mation from the unique information storage unit 31 0, ap- 



plies decryption algorithm D2 to the received encrypted 
title key using the read unique information as a key, 
thereby to generate the title key, and outputs the gener- 
ated titie key to the decryption unit 343. 
s [0100] Here > decryption algorithm D2 is an aigorithm 
for performing inversion of encryption algorithm E2. One 
example of decryption algorithm D2 is an algorithm 
based on DES. 

10 (Decryption Unit 343) 

[0101] Thedecryption unit343 receives the encrypted 
contentfrom the read unit 350, and the title key from the 
decryption unit 342. The decryption unit 343 then ap- 

15 plies decryption algorithm D3 to the received encrypted 
content using the received title key as a key, thereby to 
generate the content, and writes the generated content 
into the internal storage unit 303 as the content 601 . 
[0102] Here, decryption algorithm D3 is an aigorithm 

20 for performing inversion of the encryption aigorithm D3. 
One example of decryption aigorithm D3 is an algorithm 
based on DES. 

(3) Operations of Mobile Phone 300b 

25 

[0103] Now, description is given to the operations of 
the mobile phone 300b. 

[0104] Note that overall operations performed by the 
digital work distribution system are shown' in the flow- 
so chart in FIG. 4 provided that the steps S108-S111 and 
the steps 8112-S115 are replaced with steps 
S131-S137 and the steps S141-S146 described blow, 
respectively. 

35 (Operations for Storing Encrypted Content) 

[0105] With reference to the flowchart shown in FIG, 
7, description is given to the operations performed by 
the mobile phone 300b to generate the encrypted con- 
40 tent as well as to write the encrypted content into the 
memory card 400b. 

[0106] The titie key generating unit 321 generates a 
title key (step S1 31 ). Next, the encryption unit 322 reads 
the unique information from the unique information stor- 

45 age unit 310 (step SI 32), and then applies encryption 
aigorithm E2 to the received title key using the read 
unique information as a key thereby generate an en- 
crypted the title key (step 31 33). Successively, the write 
unit 330 receives the encrypted titie key from the en- 

50 cryption unit 322, and writes the received encrypted titie 
key into the second external storage unit 411 included 
in the memory card 400b (step S134). The encryption 
unit 323 then reads the content 601 from the internal 
storage unit 303 (step S1 35), and applies encryption at- 

ss gorithrn E3 to the read content using the received titie 
key as a key, thereby to generate the encrypted content 
(step 31 36). Thereafter, the write unit 330 writes the en- 
crypted content into the first external storage unit 412 
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Included in the memory card 400b (step S137). 
(Operations for Decrypting Content) 

[0107] With reference to the flowchart shown In FIG. 5 
8, description is given to the operations of the mobile 
phone 300b performed to read the encrypted content 
from the memory card 400b andto generate thecontent. 
[01 08] The read unit 350 reads the encrypted title key 
from the second externa! storage unit 411 included in 10 
the memory card 400b (step S141). Next, the decryption 
unit 342 reads the unique information from the unique 
information storage unit 310 (step S142), and applies 
decryption algorithm D2 to the read encrypted title key 
using the read unique information as a key, thereby to 15 
generate the title key (step SMS). Next, the read unit 
350 reads the encrypted content from the first externa) 
storage unit 41 2 included in the memory card 400b (step 
SI 44). Subsequently, the decryption unit 343 applies 
decryption algorithm D3 to the received encrypted con- so 
tent using the title key as a key thereby to generate the 
content (step S145), and writes the generated content 
into the internal storage unit 303 as the content 601 
(step S146), 

25 

1,9 Modification 3 
[0109] 

(1) As described above, the encryption unit 320 and so 
the decryption unit 340, in one example, employ a 
DES algorithm encryption algorithm. 

In this case, the unique information stored in 
the unique information storage unit 31 0 may be a 
unique key having 56 bits. 35 

Alternatively, the telephone number allotted to 
the mobile phone may be used as the unique infor- 
mation, in this case, the telephone number is sub- 
jected to a secret conversion function to output 
56-bit unique information, which servers as the 40 
unique information. 

Here, DES encryption may be employed as the 
secret conversion function in the following manner. 
That is, the telephone number is subjected to a DES 
encryption algorithm using a secret, fixed value « 
having 56 bit to output a value having 64 bits. The 
last 56 bits of the value are used as the unique in- 
formation, 

(2) Further, the unique information storage unit 310 st 
and the internal storage unit 303 are protected from 
being read or written from any other external device 
than a specially permitted device, such as a later- 
described- model change device. To be more spe- 
cific, each of the unique information storage unit a 
31 0 and the internal storage unit 303 are composed 
of tamper-resistant hardware, tamper-resistant 
software, or a combination of the two. 



(3) Further, the unique information storage unit 310 
may be constructed within a card that is attachable 
to and detachable from the mobile phone. Exam- 
ples of such a card include a SIM (Subscriber Iden- 
tity Module) card for use with mobile phones, 

(4) Still further, at the time of encrypting the content 
using the DES encryption algorithm, the content is 
divided into data blocks each having 64 bits, and 
then each data block is encrypted using the 56-bit 
unique key to generate a 64-bit encrypted data 
block. The thus generated encrypted data blocks 
are then concatenated together, and the concate- 
nated encrypted data blocks are outputted as the 
encrypted content (ECB (Electronic Godebook) 
mode). Alternatively, the encryption may be done 
using CBC (Cipher Feedback chaining ) mode. De- 
tails of the EGB mode and the CBC mode are found, 
for example, in "Introduction to Cryptographic The- 
ory (Ango-Riron Nyumorif (Eiji OKAMOTO, pub- 
lished by Kyoritsu Shuppan CO., LTD.), and thus 
description is omitted, 

1.10 Overview 

[0110] Generally, the internal storage unit 303 of the 
mobile phone 300 is limited in its memory capacity. Con- 
ventionally, this limitation results in the following prob- 
lem, in the case the internal storage unit 303 is full with 
digital works, the user is required to delete some of the 
digital works stored in the internal storage unit 303 to 
secure a free memory space before purchasing another 
digital work, or he simply has to give up purchasing an- 
other digital work. 

[0111] However, accordingto embodiment 1 , the user 
is allowed to store some of the digital works stored in 
the internal storage unit of the mobile phone into the 
memory card attached the mobile phone when he de- 
cides not to use the digital works any time soon, in this 
manner, a free memory space is secured in the internal 
storage unit of the mobile phone without losing the rights 
to playback those digital works he has purchased. As a 
consequence, the user is allowed to purchase some 
more digital works, 

[0112] Here, some of the copyright holders of digital 
works may not permit the following usage pattern. That 
is, for example, when an encrypted content is stored into 
a memory card using a certain mobile phone, the cop- 
yright holder of the content desires that the content be 
prohibited to be decrypted or played back by any other 
mobiie phones even if the memory card is attached 
thereto. 

[01 13] Here, embodiment 1 meets this end in that an 
encrypted content that a user has stored in a memory 
card using a certain mobile phone is neither decrypted 
nor played back with any other mobile phones than that 
particular one even if the memory card is attached there- 
to. 
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[01 14} In other words, the rights of copyright holders 
are protected as the digital content stored Into a memory 
card being attached to a mobile phone is not decrypted 
or played back by any other mobile phones than that 
particular mobile phone used at the time of storing the 
content. This advantageous feature will be described in 
detail with reference to FIG. 9. 

[0115] As shown in FIG. 9, a mobile phone A stores 
unique information A, while a mobiie phone X stores 
unique Information X. 

[01 16] Upon writing a content into a memory card, the 
mobile phone A encrypts a title key using the unique in- 
formation A, and stores the encrypted title key into the 
external storage unit included in the memory card (step 
St 51). Next, the mobile phone A encrypts the content 
using the title key, and stores the encrypted content into 
the external storage unit of the memory card (step 
S152). 

[0117] Upon reading the encrypted content from the 
memory card, the mobile phone A reads the encrypted 
title key from the external storage unit included in the 
memory card, and decrypts the encrypted title key using 
the unique information A {step S153). Next, the mobile 
phone A reads the encrypted content from the externa) 
storage unft, and decrypts the encrypted content using 
the decrypted title key (step S154). 
[0118] Here, the unique information used to encrypt 
the title key and the unique information used to decrypt 
the encrypted title key are both the same unique infor- 
mation A, so that the encrypted title key is correctly de- 
. crypted. Consequently, the title key used to encrypt the 
content and the title key used to decrypt the encrypted 
content are the same, so that the content is correctly 
decrypted. 

[0119] On the other hand, when the mobile phone X 
attempts to play back the content, the mobile phone X 
reads the encrypted title key from the externa! storage 
unit included in the memory card, and decrypts the title 
key using the unique information X {step S165). 
[0120] Here, since the unique informationA that is 
used to encrypt the title key differs from the unique in- 
formation X used to decrypt the title key. Consequently, 
the title key is not correctly decrypted, so that the en- 
crypted content is not correctly decrypted, either. 
[0121] Therefore, the mobile phone B fails to play 
back the encrypted content, 

2. PREFERRED EMBODIMENT 2 

[0122] Hereinafter, description is given to a digital 
work distribution system 1 00c consistent with preferred 
embodiment 2 of the present invention. 
[0123] The digital work distribution system 1 00c aims 
to provide a digital work protection system, a main de- 
vice, and a recording medium device, each of which al- 
lows playback of a digital work by the main device only 
under the conditions permitted according to usage con- 
dition data when the content is provided with usage con- 



dition data such as the permitted number of playback 
times for the digital work, or the permitted period. That 
is, with these devices, this embodiment aims to permit 
playback of digital works by the main device based on 

£ the usage condition information showing permissive 
conditions for usage of the digital work, 
[0124] In the digital work distribution system 100c, 
when a content is provided with usage condition data, 
such as limitation on the permitted number of playback 

10 times, the permitted playback period, or the permitted 
total amount of time playback, the mobile phone of the 
system is allowed to play back the content only within 
the limitations imposed by the usage condition data. 
[0125] The digital work distribution system 100c has 

is a construction similar to that of the digital work distribu- 
tion system 100. Here, description is given mainly to the 
differences with the digital workdistributlon system 1 00. 
[0126] The digital work distribution system 100c in- 
cludes a content distribution server device 200c and a 

£0 mobile phone 300c instead of the content distribution 
server device 200 and the mobiie phone 300, respec- 
tively, 

2.1 Construction of Content Distribution Server Device 
2* 200c 

[0127] Basically, the content distribution server de- 
vice 200c has a construction similartothat of the content 
distribution server device 200 included in the digital work 
so distribution system 1 00. Thus, description hereinafter is 
given mainly to the differences with the content distribu- 
tion server device 200. 

(Content Storage Unit 201) 

35 

[01 28] In addition to the content, the content storage 
unit 201 included in the content distribution server de- 
vice 200c further prestores a usage condition in corre- 
spondence with the content, 

[0129] The usage condition, for example, is a permit- 
ted number of playback times. The permitted number of 
playback times Imposes limitation on the total number 
of times that the user is permitted to play back the stored 
content that corresponds to the usage condition. When, 
for example, the permitted number of playback times is 
set at "1 0 Jt , the user is permitted to play back the content 
for ten times at the maximum. 

[01 30} Notethatthe usage condition may alternatively 
be a permitted playback period. The permitted playback 
period imposes limitation on the period during which the 
user is permitted to play back the stored content that 
corresponds to the usage condition. The permitted play- 
back period is composed of data showing the permis- 
sion starting day and permission expiry day. The user is 
permitted to play back the content only during the period 
starting on the permission starting day and expiring on 
the permission expiry day. During this period, the user 
is permitted to play back the content for an unlimited 
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number of times. 

[01311 Alternatively, the usage condition may be a 
permitted total amount of playback time. The permitted 
total amount of playback time imposes limitation on a 
total cumulative amount of time thatthe user is permitted 
to play back the stored content that corresponds to the 
usage condition. When, for example, the permitted total 
amount of playback time is set at "1 0 hours", the user is 
permitted to play back the content as fong as the total 
amount of playback time is within 10 hours. When the 
total amount of playback time exceeds 1 0 hours, play- 
back of the content is prohibited. 
[0132] Further, the usage condition may include all of 
the limitations, namely the permitted number of play- 
back times, the permitted playback period, and the per- 
mitted total amount of playback time, or it may include 
any two limitations selected from the above three limi- 
tations, 

(Control Unit 202) 

[0133] The control unit 202 reads from the content 
storage unit 201 the content that is identified by the con- 
tent ID along with the usage condition that is stored in 
correspondence to that usage condition. The control 
unit 202 then transmits the read content and usage con- 
dition to the mobile phone 300 via the transmission/re- 
ception unit 203 } the Internet 10, the mobile phone net- 
work 20 : and the radio base station 30. Here, the trans- 
mission is performed in a secure manner through the 
use of, for example, the EMMS system. 



(Usage Condition Judgment Unit 306) 

E0137] The usage condition judgment unit 306 reads 
the usage condition, i.e., the permitted number of play- 
5 back times, from the usage condition storage unit 305 
to judge whether the read permitted number of playback 
times exceeds 0. 

[0138] When judging that the read permitted number 
of playback times exceeds 0, the usage condition judg- 

10 ment unit 308 subtracts " V from the read permitted 
number of playback times, and overwrites the usage 
condition stored in the usage condition storage unit 305 
with the value resulting from the subtraction. Next, the 
usage condition judgment unit 306 outputs permission 

is information indicative of permission to play back the 
content stored in the internal storage unit 303. 
[0139] Alternatively, when judging that the read per- 
mitted number of playback times is equal to or less than 
0, the usage condition judgment unit 306 does not out- 

20 put the permission information, and consequently the 
playback unit 304 does not play back the content. 

(Playback Unit 304} 

25 [01 40] The playback unit 304 receives from the usage 
condition judgment unit 306 the permission information 
indicative of permission to play back the content. 
[0141] Upon receipt of the permission information, the 
play back u n it 304 reads the content stored in the intern al 

30 storage unit 303, and plays back the read content to out- 
put 



2,2 Construction of Mobile Phone 300c 

[0134] As shown in FIG. 10, the mobile phone 300c 
includes a usage condition storage unit 305 and a usage 
condition judgment unit 306 in addition to the compo- 
nents constituting the mobile phone 300. 

(Content Obtaining Unit 302) 

[0135] The content obtaining unit 302 receives the 
content and usage condition from the content distribu- 
tion server device 200c via the Internet 10, the mobile 
phone network 20, the radio base station 30, the anten- 
na 367, and transmission/reception unit 361 . The con- 
tent obtaining unit 302 then writes the received content 
into the internal storage unit 303 as the content 601 , and 
the received usage condition into the usage condition 
storage unit 305. In this case, the usage condition is the 
permitted number of playback times. 

(Usage Condition Storage Unit 305) 

[0136] The usage condition storage unit 305 has a 
storage area for storing the usage condition. 



2.3 Operations of Mobile Phone 300c 

35 [0142] Now, description is given to the operations of 
the mobile phone 300c with reference to the flowchart 
shown in FIG. 11 . 

[0143] Note that overall operations of the digital work 
distribution system are shown in the flowchart in FIG. 4 
40 provided thatthe steps S1 1 6 and S11 7 are replaced with 
steps S201-S205 described below. 
[0144] The usage condition judgment unit 306 reads 
the usage condition, Le,, the permitted number of play- 
back times (step S201), and judges whether the read 
45 permitted number of playback times exceeds 0 (step 
S202). When judging that the permitted number of play- 
back times exceeds O (step S202, YES), the usagecon- 
dition judgment unit 306 subtracts "1 " from the permitted 
number of playback times (step S203), and overwrites 
so the usage condition that is stored in the usage condition 
storage unit with the value resulting from the subtraction 
(step S204). Next, the usage condition judgment unit 
306 outputs to the playback unit 304 the permission in- 
formation indicative of permission to play back the con- 
55 tent stored in the internal storage unit 303. In response* 
the playback unit 304 receives the permission informa- 
tion from the usage condition judgment unit 306 T reads 
the content stored in the internal storage unit 303, and 
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plays back the read content to output (step S205). 
[0145] Alternatively, when judging that the read per- 
mined number of playback times is equal to or less than 

0 (step 3202, NO), the usage condition judgment unit 
306 does not output the permission information, and 
consequently the playback unit 304 does not play back 
the content. Here, such a setting to delete the content 
at this stage is also applicable. 

2.4 Operations of Mobile phone 300c 

[0146] Now, with reference to the flowchart shown in 
FIG. 12, description is given to the operations of the mo- 
bile phone 300c in the case where the usage condition 
is the permitted playback period. 
[0147] Note that the overall operations of the digital 
work distribution system are shown in the flowchart in 
FIG. 4 provided that the steps S116 and S117 are re- 
placed with steps S211-S214 described below. 
[0148] The usage condition judgment unit 306 reads 
the usage condition, i.e., the permitted playback period, 
from the usage condition storage unit 305 (step S211), 
obtains the current date/time (step S212), and judges 
whether the obtained current date/time fails within the 
permitted playback period (step 3213). When judging 
that the current time/date is within the permitted play- 
back period (step S21 3, YES), the usage condition judg- 
ment unit 306 outputs to the playback unit 304 the per- 
. mission information indicative of permission to play back 
the content stored in the internal storage unit 303. in 
response, the playback unit 304 receives the permission 

1 nf o rmation from the usage co nd iti on ju dgm ent unit 306, 
reads the content stored in the internal storage unit 303, 
and plays back the read content to output (step S214), 
[0149] Alternatively, when judging that the current 
date/time fails out of the permitted playback period (step 
S213, NO), the usage condition judgment unit 306 does 
not output the permission information, and consequent- 
ly the playback unit 304 does not play back the content 
Here, such stetting may be applicable that the content 
is deleted if the current date/time is after the permitted 
playback period. 

2.5 Operations of Mobile Phone 300c 

[0150] Next, with reference to the flowchart shown in 
FIG. 13, description is given to the operations of the mo- 
bile phone 300c in the case where the usage condition 
is the permitted total amount of playback time. 
[0151] Note that overall operations of the digital work 
distribution system are shown in the flowchart in FIG. 4 
provided that the steps S1 1 8 and S1 1 7 are replaced with 
steps S221-S226 described below, 
[0152] Here, the content storage unit 201 further has 
a storage area for storing a total amount of actual play- 
back time. The total amount of actual playback time is 
a cumulative amount of time that the content has been 
actually played back, Further, the content includes play- 



back time information showing the time taken to play 
back the entire content. 

[0153] The usage condition judgment unit 306 reads 
the usage condition, i.e., the permitted total amount of 
s playback time, along with the total amount of actual play- 
back time from the usage condition storage unit 305 
(step 3221), and obtains from the content the playback 
time information showing the time taken to play back the 
content (step 3222), and calculates the sum of the read 
10 total amount of actual playback time and the time shown 
by the obtained playback information to compare the 
thus calculated sum with the permitted total amount of 
playback time (step S223). When judging that the per- 
mitted total amount of playback time is equal to or great- 
's er than the calculated sum (step S223, YES), the usage 
condition judgment unit 306 outputs to the playback unit 
304 the permission information Indicative of permission 
to play back the content stored in the internal storage 
unit 303, In response, the playback unit 304 receives 
20 the permission information from the usage condition 
judgment unit 306, reads the content stored in the inter- 
nal storage unit 303, and plays back the read content to 
output (step $224), Then, the usage condition judgment 
unit 306 calculates the total amount of actual playback 
3$ time by performing the following expression: Total 
Amount of Actual Playback Time = (Total Amount of Ac- 
tual PlaybackTirne)-h (Playback Time Information) (step 
S225), and overwrites the total amount of actual play- 
back time stored in the usage condition storage unit 305 
so with the newly calculated total amount of actual play- 
back time (step 3226). 

[0154] Alternatively, when judging that the permitted 
total amount of playback time is smaller than the calcu- 
lated sum (step S223, NO), the usage condition judg- 

35 ment unit 306 does not output the permission informa- 
tion, and consequently, the playback unit 304 does not 
play back the content. Here, such setting may be appli- 
cable that the content is deleted if the permitted total 
amount of playback time is smaller than the total amount 

40 of actual playback time. Further, such setting may be 
also applicable that playback of the content is permitted 
even when the permitted total amount of playback time 
is not enough to play back the entire content. 2.6 Over- 
view 

45 [0155] As described above, the content storage unit 
201 included in the content distribution server device 
200c stores the content and the corresponding usage 
condition in association with each other, and the content 
distribution server device 200c transmits the content 

so and the corresponding usage condition to the mobile 
phone 300c. When the user purchases the content that 
is provided with the usage condition, the internal storage 
unit 303 included in the mobile phone 300c stores the 
purchased content, and the usage condition storage unit 

sb 305 stores the transmitted usage condition. 

[0156] When the user intends to play back the content 
that he has purchased earlier, the usage condition judg- 
ment unit 306 judges whether to permit playback of the 
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content based on the corresponding usage condition 
stored in the usage condition storage unit 305. When 
judging to permit playback of the content, the usage con- 
dition judgment unit 306 instructs the playback unit 304 
to play back the content, 

[01573 Further, the usage condition may be the 
number of times permitted for the content to be copied 
or moved. Here, "to copy" the content refers to duplicate 
the content stored in the interna! storage unit and to write 
the duplication of content into a recording medium. 
Here, note that only the first generation "copying" of con- 
tent is permitted, i.e., copying from duplication of con- 
tent is prohibited. In addition , *to move" the content re- 
fers to write the content stored in the internal storage 
unit into a recording medium and to delete the content 
stored in the internal storage unit. When the usage con- 
dition is the number of times permitted for the content 
to be copied or moved, the content is permitted to be 
copied or moved for the permitted number of times, 
[0158] The procedure to encrypt the purchased con- 
tent to store into the memory card 400 and the proce- 
dure to read the encrypted content from the memory 
card 400 to the mobile phone 300c are the same as 
those described in embodiment 1 , and thus description 
thereof is omitted. Here, it should be noted that the us- 
age condition data is not written into the memory card, 
but held in the usage condition storage unit 305 included 
in the mobile phone 300c. 

£0159] Note that the usage condition storage unit 305 
is protected from being externally read or written with 
any devices other than a specifically permitted device 
which will be described later To be more specific, the 
usage condition storage unit 305 is composed of 
tamper-resistant hardware, tamper-resistant software, 
or a combination of the two. 

[0160] Further, the usage condition storage unit 305 
may be included in a card, such as SiM card for use with 
mobile phones that is attachable to and detachable from 
the mobile phone. 

[0161] With the above construction, when a content 
is provided with usage condition, the content is permit- 
ted to be played back only when the usage condition is 
met 

[0162] Generally speaking, the internal storage unit 
303 of the mobile phone 300 is limited in its memory 
capacity, Conventionally, this limitation results in the fol- 
lowing problem. In the case the internal storage unit is 
full with digital works, some of the digital works stored 
in the internal storage unit need to be deleted to secure 
a free memory space before purchasing another digital 
work, or otherwise, the user has to give up purchasing 
another digital work. 

[0163] Accordingto embodiment2, however, similarly 
to embodiment 1 1 the user is allowed to store some of 
the digital works stored in the internal storage unit 303 
of the mobile phone 300c into the memory card 400 at- 
tached to the mobile phone 300c when he decides not 
to use the digital works any time soon. In this manner, 



a free memory space is secured in the internal storage 
unit 303 without losing the rights to play back the pur- 
chased digital works, so that some more digital works 
may be purchased. 

5 [0164] Further, with the above construction, when a 
content is encrypted by a certain mobile phone and 
stored in a memory card attached thereto, the encrypted 
content is not possibly decrypted or played back by any 
other mobile phone than that particular mobile phone. 

10 That Is to say, embodiment 2 achieves an effect of meet- 
ing copyholders' demand that a content stored into a 
memory card using a certain mobile phone be prohibited 
from being decrypted or played back using any other 
mobile phone although the memory card is attached 

is thereto. 

3. PREFERRED EMBODIMENT 3 

[0165] Now, description is given to a digital work dis- 
20 tribution system 1 0Od consistent with preferred embod- 
iment 3 of the present invention. 

[01 66] Similarly to the digital work distribution system 
100c r when usage condition for is provided, the digital 
work distribution system 1 0Od permits the mobile phone 
£5 to play back the content only under the conditions sat- 
isfying the usage condition. 

[0167] The digital work distribution system 100d has 
a construction similar to that of the digital work distribu- 
tion system 100c, Thus, description is given mainly to 
30 the differences with the digital work distribution system 
100c, 

[0168] The digital work distribution system 100d in- 
cludes a content distribution server device 200d, mobile 
phone 300d T and a memory card 400d instead of the 
S5 content distribution server device 200c, the mobile 
phone 300c r and the memory card 400, respectively. 
Note that the content distribution server device 200d is 
the same as the content distribution server device 200c, 

40 3.1 Memory Card 400d 

[0169] As shown in FIG. 14, the memory card 400d is 
composed of a first external storage unit 41 2, a second 
external storage unit 411, and an authentication unit 
45 490. 

[0170] The authentication unit 490 performs chal- 
lenge-response type, mutual authentication with an au- 
thentication unit 390 (described later) included in the 
mobile phone 300d. To be more specific, the authenti- 

so cation unit 490 waits for the authentication unit 390 to 
authenticate the authentication unit 490, and then au- 
thenticates the authentication unit 390. Only when both 
the authentication processes are successful, the mutual 
authentication is regarded to be successful. Since the 

55 challenge-response type authentication is a known 
technique, description thereof is omitted. 
[0171 ] The first external storage unit 41 2 has a stor- 
age area for storing an encrypted contend. 
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[0172] The second external storage unit 4.11 is a stor- 
age unitthat is read or written from another end, i.e., the 
mobile phone 300d only after authentication by the au- 
thentication unit 490 has been successfully performed. 
The second external storage unit 411 has a storage area 
for storing encrypted concatenated information which 
will be described later. 

3.2 Construction of Mobile Phone 300d 

[0173] The mobile phone 3G0ri has a construction 
similar to that of the mobile phone 300c. 
[0174] As shown in FIGs. 1 5 and 1 8, the mobile phone 
300d includes an encryption/decryption unit 380d in- 
stead of the encryption/decryption unit 380 that is includ- 
ed in the mobile phone 300c, and also includes write 
units 331 and 332 as well as read units 351 and 352 
instead of the write unit 330 and the read unit 360 that 
are Included in the mobile phone 300c. The mobile 
phone 300d further includes the authentication unit 390. 
The other components are the same as those constitut- 
ing the mobile phone 300c. 

[0175] Hers, description is given mainly to differences 
with the mobiJe phone 300c. 

(1) Authentication Unit 390 

[0176] The authentication unit 390 receives an au- 
thentication instruction from the control unit 366. 
[0177] Upon receipt of the authentication Instruction, 
the authentication unit 390 performs challenge-re- 
sponse type, mutual authentication with the authentica- 
tion unit 490 included in the memory card 400d. To be 
more specific, first, the authentication unit 390 authen- 
ticates the authentication unit 490, Next, the authenti- 
cation unit 390 waits for the authentication unit 490 to 
authenticate the authentication unit 390, Only when 
both the authentication processes are successful, the 
mutual authentication is regarded to be successful. 
[0178] When the mutual authentication has been suc- 
cessfully performed, the authentication unit 390 outputs 
information indicative of the success of the mutual au- 
thentication. 

(2) Encryption/Decryption Unit380d 

[0179] As shown in FIG. 16, the encryption/decryption 
unit 380d is composed of a titie key generating unit 
321 d, an encryption unit 322d, an encryption unit 323d, 
a concatenation unit 324, a decryption unit342d, a de- 
cryption unit 343d, and a split unit 344, 

{Title Key Generating Unit 321 d) 

[0180] The title key generating unit 321 d receives a 
storage instruction from the control unit 366. 
[0181] Upon receipt of the storage instruction from the 
control unit 366, the title key generating unit 321 d gen- 



erates a titie key in a similar manner to that of the title 
key generating unit 321 induced in the encryption/de- 
cryption unit 380b, and outputs the generated titie key 
to the concatenation unit 324 and the encryption unit 
5 323d. 

(Encryption Unit322d) 

[0182] The encryption unit 322d reads the unique in- 
10 formation from the unique information storage unit 31 0, 
and receives the concatenated information from the 
concatenation unit 324,"Next, the encryption unit 322d 
applies encryption algorithm E2 to the received concate- 
nated information using the read unique key information 
is as a key, thereby to generate encrypted concatenated 
information, and outputs the encrypted concatenated in- 
formation to the write unit 331 . 

{Encryption Unit 323d) 

20 

[01 83] The encryption unit 323d receives the title key 
from the title key generating unit 321 d, and reads the 
content 601 from the internal storage unit 303. Next, the 
encryption unit 323d applies encryption algorithm E3 to 
$5 the read content using the received title key as a key 
thereby to generate an encrypted content and outputs 
the encrypted content to the write unit 332. 

(Concatenation Unit 324) 

SO 

[0184] The concatenation unit 324 receives the title 
key from the title key generating unit 321 d, and reads 
the usage condition from the usage condition storage 
unit 305. Next, the concatenation unit 324 concatenates 
35 the received titie key with the read usage condition in 
the stated order to generate concatenated information, 
and outputs the generated concatenated information to 
the encryption unit 322d. 

to (Decryption Unit 342d) 

[01 85] The decryption unit 342d receives the encrypt- 
ed concatenated information from the read unit 361 , and 
reads the unique information from the unique informa- 

4S tlon storage unit 310. Next, the decryption unit 342d ap- 
plies decryption algorithm D2 to the received, encrypted 
concatenated information using the read unique infor- 
mation as a key, thereby to generate the concatenated 
information, and outputs the generated concatenated 

so information to the split unit 344. 

(Decryption Unit 343d) 

[0186] The decryption unit 343d receives the encrypt- 
55 eci content from the read unit 352, and the title key from 
the spilt unit 344. The decryption unit 343d then applies 
decryption algorithm D3 to the received encrypted con- 
tent using the received title key as a key, thereby to gen- 



40 



17 



33 



EP 1 280 149 A2 



34 



erate the content, and writes the generate content into 
the Internal storage unit 303. 

(Split unit 344) 

[01871 The split unit 344 receives the concatenated 
inf ormation from the decryption unit 342d f and splits the 
received concatenated information to generate the title 
key and the usage condition. The split unit 344 then out- 
puts the generated title key to the decryption unit 343d r 
and writes the generated usage information into the us- 
age condition storage unit 305. 

(3) Write Unit 331 

[01 8BJ The write unit 331 receives the encrypted con- 
catenated information from the encryption unit 322d, 
and writes the received, encrypted concatenated infor- 
mation into the second external storage unit 411 includ- 
ed in the memory card 400d. 

(4) Write Unit 332 

[01 89} The write unit 332 receives the encrypted con- 
tent from the encryption unit 323d, and writes the re- 
ceived encrypted content into the first external storage 
unit 412. 

(5) Read Unit 351 

[01901 The read unit 351 receives a read instruction 
from the control unit 366. 

[0191 1 Upon receipt of the read instruction, the control 
unit 366 reads the encrypted concatenated information 
from the- second external storage unit 411 included in 
the memory card 400d, and outputs the read encrypted 
concatenated information to the decryption unit 342d. 

(6) Read Unit 352 

[0192] The read unit 352 reads the encrypted content 
602 from the first external storage unit 412 included in 
the memory card 400d, and outputs the read encrypted 
content to the decryption unit 343d. 

(7) Control Unit 366 

[0193] The control unit 366 receives a content write 
instruction and a content read instruction from the input 
unit 365. Upon receipt of the write instruction or the read 
instruction, the control unit 366 outputs an authentica- 
tion instruction to the control unit 366, 
[01 94] Further, the control unit 366 receives from the 
authentication unit 390 information indicative of whether 
the authentication has succeeded or failed. 
[0195] In the case of receiving the content write in- 
struction from. the input unit 365 as well as the informa- 
tion indicative of successful authentication from the au- 



thentication unit 390, the control unit 366 outputs a stor- 
age instruction to the title key generating unit 321 d of 
the encryption/decryption unit 330d. 
[0196] in the case of receiving the read instruction 
5 from the input unit 365 and the information indicative of 
successful authentication from the authentication unit 
390, the control unit 366 outputs a read instruction to 
the read unit 351. 

[01971 In the case of receiving the write instruction or 
10 the read instruction along with the information indicative 
of unsuccessful authentication, the control unit 366 dis- 
cards the received write instruction or read instruction, 
and consequently no write operation or read operation 
is performed. 

15 

3.3 Operations of Digital Work Distribution System 1 0Od 

[0198] Hereinafter, description is given to the opera- 
tions of the digital work distribution system 100d, 



20 

(1) Overall Operations of Digital Work Distribution 
System 1 0Od 

[0199] First, description is given to the overall opera- 
25 ttons of the digital work distribution system 1 0Od with 
reference to the flowchart shown in FIG. 1 7. 
[0200] The content purchasing unit 301 of the mobile 
phone 300d receives the content ID from the input unit 
365 to generate the payment information (step 8251), 
30 and transmits the content ID and the payment informa- 
tion to the content distribution server device 200d (step 
S252), 

[0201] The control unit 202 of the content distribution 
server device 200d receives the content \ D and the pay- 

35 ment information from the mobile phone 3O0d (step 
S252), performs the processing to receive the payment 
based on the received payment information (step S253), 
reads from the content storage unit 201 the content 
identified by the received content ID (step S254), and 

40 transmits the read content to the mobile phone 300d 
(step S255). 

[0202] The content obtaining unit 302 of the mobile 
phone 300d receives the content transmitted from the 
content distribution server device 2Q0d (step S255), and 

45 writes the received content into the internal storage unit 
303 as the content 601 (step S256) 
[0203] in the case of receiving a content write instruc- 
tion from the input unit 365, the controi unit 366 outputs 
an authentication instruction to the authentication unit 

so 390 (step 5257). Upon receipt of the authentication in- 
struction, the authentication unit 390 performs mutual 
authentication with the authentication unit 490 of the 
memory card 400d (step S258). When the authentica- 
tion is successfully performed, i.e., when receiving in- 

55 format ion. indicative of successful authentication from 
the authentication unit 390, the control unit 366 outputs 
a storage instruction to the encryption/decryption unit 
380d (step S259, YES), and the encryption/decryption 
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unit 380d performs processing to store the content (step 
S26Q), Alternatively, when the authentication is unsuc- 
cessful, Le,, when receiving the information Indicative 
of unsuccessful authentication from the authentication 
unit 390 (step 3259, NO), the control unit 366 discards 
the content write instruction that has been received. As 
a consequence, no storage processing is performed, 
[0204] Alternatively, in the case of receiving a content 
read instruction from the input unit 365, the control unit 
366 inputs an authentication instruction to the authenti- 
cation unit 390 (step S257). Upon receipt of the authen- 
tication instruction from the control unit 366, the authen- 
tication unit 390 performs mutual authentication with the 
authentication unit 490 included in the memory card 
400d (step S261). When the authentication is success- 
fully performed, i.e., when receiving the information in- 
dicative of successful authentication from the authenti- 
cation unit 390(step S262, YES), the control unit 366 
outputs a read instruction to the read unit 351 , and in 
response, the read unit 351 performs read processing 
(step S263), Alternatively, when the authentication is 
unsuccessful, i.e., when receiving the information indic- 
ative of unsuccessful authentication from the authenti- 
cation unit 390 {step 3262, NO), the control unit 366 dis- 
cards the read instruction that has been received. As a 
consequence, no read processing in performed, 
[0205] Alternatively, in the case of receiving a content 
playback instruction from the input unit 365 (step S257), 
the control unit 366 instructs to perform playback 
processing (step 3264), 

(2) Operations for Mutuai Authentication between 
Mobile Phone 300d and Memory Card 400d 

[0206] Now, description Is given to the operations per- 
formed for mutual authentication between the mobile 
phone 300d and the memory card 400d with reference 
to the flowchart shown in FIG. 18. 
[0207] Note that the operations for mutual authentica- 
tion described herein are the details of the operations 
performed in the steps S258 and S261 shown in the 
flowchart in FIG. 17. 

[0208] The authentication unit 390 of the mobile 
phone 300d authenticates the authentication unit 490 of 
the memory card 400d (step S271). When the authen- 
tication in this step is successfully performed (step 
S272, YES), then the authentication unit 490 authenti- 
cates the authentication unit 390 (step 3273). When the 
authentication in this step is successfully performed 
(step S274, YES), the authentication unit 490 outputs to 
the control unit 366 information indicative of successful 
authentication (step 3275), 

[0209] When the authentication in thestep S271 is un- 
successful (step 3272, MO), or when the authentication 
tn the step S273 is unsuccessful (step 3274, NO), the 
authentication unit 490 outputs to the control unit 366 
information indicative of unsuccessful authentication 
(step S276). 
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(3) Operations for Storage Processing 

[0210] Next, with reference to the flowchart shown in 
FIG. 19, description is given to the operations performed 

5 by the mobile phone 300d for the storage processing. 
[021 1 ] Upon receipt of the storage instructs n from the 
control unit 366, the title key generating unit 321d of the 
encryption/decryption unit 380d generates a title key, 
and outputs the generated title key to the concatenation 

10 unit 324 and encryption unit 323d (step S281). 

[0212] Next, the concatenation unit 324 receives the 
title key from the title key generating unit 321 d, and 
reads the usage condition from the usage condition stor- 
age unit 305 (step S282), Next, the concatenation unit 

1* 324 concatenates the received title key and the read us- 
age condition in the stated order to generate concate- 
nated information, and outputs the generated concate- 
nated information to the encryption unit 322d {step 
S283). 

20 [0213] Next, the encryption unit322d reads unique in- 
formation from the unique information storage unit 310, 
and receives the concatenated information from the 
concatenation unit 324 (step S284), Next, the encryp- 
tion unit 322d applies encryption algorithm E2 to the re- 
ceived concatenated information using the read unique 
information as a key, thereby to generate encrypted con- 
catenated information, and outputs the encrypted con- 
catenated information to the write unit 331 (step S285). 
In response, the write unit 331 receives the' encrypted 
concatenated information from the encryption unit322d, 
and writes the received, encrypted concatenated infor- 
mation into the second external storage unit 41 1 includ- 
ed in the memory card 400d (step S286). 
[0214] Next, the encryption unit 323d receives the title 
key from the title key generating unit 321 d, and reads 
the content 601 from the internal storage unit 303 (step 
S287). Further, the encryption unit 323d applies encryp- 
tion algorithm BS to the read content using the received 
title key as a key, thereby to generate an encrypted con- 
tent, and outputs the generated encrypted content to the 
write unit 332 (step S288), In response, the write unit 
332 receives the encrypted content from the encryption 
unit 323d and writes the received encrypted content to 
the first external storage unit 412 (step S289). 

(4) Operations for Read Processing 

[0215] Now, description is given to the operations per- 
formed by the mobile phone 300d for read processing 
with reference to FIG, 20. 

[0216] Upon receipt of the read instruction from the 
control unit 366, the read unit 351 reads the encrypted 
concatenated information from the second external stor- 
age unit 411 included in the memory card 400d, and out- 
puts the read encrypted concatenated information to the 
decryption unit 342d (step S291). In response, the de- 
cryption unit 342d receives the encrypted concatenated 
information from the read unit 351 , reads the unique fn- 
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formation from the unique information storage unit 310 
(step S292), applies decryption algorithm D2 to the re- 
ceived, encrypted concatenated information using the 
read unique information as a key, thereby to generate 
the concatenated information, and then outputs the gen- 
erated concatenated information to the split unit 344 
{step S293), 

[0217] Subsequently, the split unit 344 receives the 
concatenated Information from the decryption unit 342d, 
and splits the received concatenated information so as 
to generate the title key and the usage condition. The 
split unit 344 then outputs the generated title key to the 
decryption unit 343d, and writes the regenerated usage 
condition into the usage condition storage unit 305 (step 

5294) . 

[021 S] Next, the read unit 352 reads the encrypted 
content 602 from the first external storage unit 412 in- 
cluded in the memory card 400d, and outputs the read 
encrypted content to the decryption unit 343d (step 

5295) . Next, the decryption unit 343d receives the en- 
crypted content and the title key from the read unit 352 
and the split unit 344, respectively, applies decryption 
algorithm D3 to the received encrypted content using 
the received title key as a key, thereby to generate the 
content (step S296), and writes the generated content 
into the internal storage unit 303 (step S297). 

3.4 Overview 

[0219] To write the content into the memory card 
400d f the mobile phone 300d generates the title key, 
reads the usage condition, and concatenates the title 
key with the usage condition to generate the concate- 
nated information. Next, the mobile phone 300d en- 
crypts the concatenated information uslngtheuniquein- 
formation, and writes the encrypted concatenated infor- 
mation into the second external storage unit 411 includ- 
ed in the memory card 400d. Next, the mobile phone 
300d reads the content from the internal storage unit 
303, encrypts the read content using the title key, and 
writes the encrypted content into the first external stor- 
age unit 412 included in the memory card 400d. 
[0220] To read the content from the memory card 
400d, the mobile phone 300d reads the encrypted con- 
catenated information from the second external storage 
unit 41 1 included in the memory card 400d, and decrypts 
the read encrypted concatenated information using the 
unique information to generate the concatenated infor- 
mation. The mobile phone 300d then splits the generat- 
ed concatenated information to generate the title key 
and the usage condition, and writes the generated us- 
age condition into the usage condition storage unit 305. 
Next, the mobile phone 300d reads the encrypted con- 
tent from the first external storage unit 412 included in 
the memory card 400d, and decrypts the encrypted con- 
tent using the title key as a key to generate the content, 
and writes the generated content into the internal stor- 
age unit 303. 



[0221] To play back the content, the mobile phone 
300d plays back the content stored in the internal stor- 
age unit 303 in compliance with the usage condition 
stored in the usage condition storage unit 305. 

5 

3.5 Operating Procedure Performed by User of Mobile 
Phone 300d 

[0222] Hereinafter, description is given to the operat- 
10 ing procedure that the user of the mobile phone 300d 
performs. 

(1) First, with the use of the content purchasing unit 
301 of the mobile phone 300d, the user selects and 
1$ purchases a content from among contents each of 
which is provided with a usage condition and is 
stored in the content storage unit 201 of the content 
distribution server device 200d. Then, with the use 
of the content obtaining unit 302, the user receives 
20 the content that he has purchased, The content and 
the usage condition are then stored respectively in- 
to the internal storage unit 303 and the usage con- 
dition storage unit 305 both of which are included in 
the mobile phone 300d. 
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(2) Next, in the case where the purchased content, 
for example, is karaoke data and the usage condi- 
tion attached thereto permits the playback of the 
content up to ten times, the usage condition judg- 
ment unit 306 permits the playback unit 304 to play 
back the karaoke data up to ten times. 

(3) Further, in the following procedure, the user may 
store into the memory card 400d the content 601 
and the usage condition that are respectively stored 
in the internal storage unit 303 and the usage con- 
dition storage unit 305 both of which are included in 
the mobile phone 3Q0d, 

(3.1 ) The user attaches the memory card 400d 
to the mobile phone 300d ; and selects an op- 
eration to store the purchased content which is 
provided with the usage condition into the 
memory card. 

(3.2) In response, a title key that is unique to 
each content is generated by the title key gen- 
erating unit 321 d. The generated title key is 
then concatenated with the usage condition by 
the concatenation unit 324 to generate con- 
catenated information. The concatenated infor- 
mation is encrypted by the encryption unit322d 
using the unique information stored in the 
unique information storage unit 310, Provided 
that the mutual authentication is successfully 
performed between the authentication unit 390 
of the mobile phone 300d and the authentica- 
tion unit 490 of the memory card 400d r the en- 
crypted concatenated information is stored by 
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the write unit 331 into the second external stor- 
age unit 411 included in the memory card 400d. 
Next, the content stored In the internal storage 
unit 303 is encrypted by the encryption unit 
323d using the title key, and the encrypted con- 
tent is stored in the first external storage unit 
412 included in the memory card 400d. 

(4) Still further, the user may extract the usage con- 
dition and the content from the encrypted concate- 
nated information and the encrypted content 602 
that are stored in the memory card 400d, and store 
the extracted content and usage condition into the 
internal storage unit 303 of the mobile phone 300d 
In the following procedure. 

(4.1 ) The user attaches the memory card 400d 
to the mobile phone 300d, and selects an op- 
eration to fetch from the memory card 400d the 
encrypted content which is provided with the 
usage condition. 

(4.2) In response, the mutual authentication is 
performed between the authentication unit 390 
of the mobile phone 300d and the authentica- 
tion unit 490 of the memory card 400d. Provid- 
ed that the mutual authentication is successful, 

.. the encrypted concatenated information stored 

■ . in the second external storage unit 41 1 is read 
by the read unit 351 . The read encrypted con- 

•s. catenated information is then decrypted by the 
decryption unit342d using the unique informa- 
tion stored in the unique information storage 

*u unit 31 0. The decrypted concatenated informa- 
tion is then spilt so as to generate the title key 

t- and the usage condition. The usage condition 
is stored into the usage condition storage unit 
305. Further, the encrypted content stored in 
the first external storage unit 412 included in 
the memory card 400d is read by the read unit 
352. The read content is then decrypted by the 
decryption unit 343d using the title key to gen- 
erate a decrypted content, and the decrypted 
content is stored in the internal storage unit 
303. 

3.6 Other 

[0223J 

(1) in the above embodiment of the present inven- 
tion, the description is given to the procedure for 
storing into the memory card the purchased content 
which is provided with the usage condition. Yet, 
whether the content has been purchased is not an 
essentia! matter to the present invention. That is, 
for example, the above procedure is applicable to a 
content which is provided as a free sample with a 
certain usage condition. 



(2) DES encryption is one example of the encryption 
system employed m the encryption units 322d and 
323d and the decryption units 342d and 343d. 
In the case of employing DES encryption, the 

s unique information stored in the unique information 
storage unit 310 may be a unique key having 56 
bits. Alternatively, the telephone number allotted to 
the mobile phone may be used as the unique infor- 
mation. In the latter case, it is preferable to employ 

10 a secret conversion function that retunes a 56-bit 
unique key in response to input of the telephone 
number. Here, one example of such a conversion 
function is to use DES encryption in the following 
manner. That is, the telephone number is subjected 

is to DES encryption using a secret unique value hav- 
ing 56 bits to output a value having 64 bits. The last 
56 bits of the outputted value are used as the unique 
information. 

z° (3) Further, the unique information storage unit 310, 
the internal storage unit 303, and the usage condi- 
tion storage unit 305 are protected from being read 
or written from any other external device than aspe» 
cialiy permitted device, such as a later-described 

2S model change device. To be more specific, each of 
the unique information storage unit 31 0, the internal 
storage unit 303, and the usage condition storage 
unit 305 is composed of tamper-resistant hardware, 
tamper-resistant software, or a combination of the 

30 two. 

(4) Still further, the unique information storage unit 
310 and the usage condition storage unit 305 may 
be constructed within a card such as SIM that is at- 

35 tachabie to and detachable from the mobile phone. 

(5) Still further, at the time of encrypting the content 
using the DES encryption, the content is divided into 
data blocks each having 64 bits, and then each data 

4Q block is encrypted using the 56-bit unique key to 
generate a 64-bit encrypted data block. The thus 
generated encrypted data blocks are then concate- 
nated together, and the concatenated encrypted 
data blocks are outputted as the encrypted content. 

43 

(6) With the above construction, a content which is 
provided with a usage condition is played back only 
under the conditions conforming to the usage con- 
dition, 

50 Further, generally speaking, the internal stor- 

age unit 303 of the mobile phone 300d is limited in 
its memory capacity. Conventionally, this limitation 
results in the following problem. In the case the in- 
ternal storage unit is full with digital works, the user 

55 is required to delete some of the digital works stored 
in the internal storage unit to secure a free memory 
space before purchasing another digital work, or 
otherwise he simply has to give up purchasing an- 
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other digital work. 

However, according to embodiments, similarly 
to the embodiments 1 and 2, the user is allowed to 
store some of the digital works stored in the internal 
storage unit 303 of the mobile phone 300d into the 
memory card 400d attached the mobile phone 300d 
when he decides not to use the digital works any 
time soon, in this manner, a free memory space is 
secured in the internal storage unit 303 of the mo- 
bile phone 300d without losing the rights to play 
back those digital works he has purchased. As a 
consequence, the user is allowed to purchase some 
more digital works to store into the internal storage 
unit 303, 

(7) With the above construction, when a content Is 
encrypted and stored in a memory card attached to 
a certain mobile phone, the encrypted content is not 
possibly decrypted or played back by any other mo- 
bile phone than that particular mobile phone. That 
Is to say, embodiment 3 achieves an effect of meet- 
ing copyholders* demand that a content stored into 
a memory card using a certain mobile phone be pro- 
hibited from being decrypted or played back using 
any other mobile phone although the memory card 
is attached thereto. 

4. PREFERRED EMBODIMENT 4 

[0224] rTow, description is given to another preferred 
embodiment 4. 

4.1 Model Change System 600e 

[02251 Here, description is given to a model change 
system 6QGe> 

[0226] The model change system SOOe aims to pro- 
vide a model change device used to change a record/ 
playback device, such as a mobile phone, that Is usable 
under a contract made between a user and a service 
provider to a new record/playback device due to a 
change of the contract Upon the modei change with this 
model change device, digital works stored in the origi- 
nally used record/playback device are available for the 
new record/playback device with no processing per- 
formed on the digital works, 

[0227] For example, upon release of new mobile 
phones having additional features, a user may want to 
change a mobile phone that he currently uses to a new 
one. In such a case, the user is allowed to use the new 
mobile phone with the same telephone number that is 
originally allotted to the current one. This is done by re- 
allotting the telephone number that is originally allotted 
to the current mobile phone to the new mobile phone. 
Such re-allotting of a certain telephone number that is 
allotted to a certain mobile phone to another mobile 
phone is referred to as model change of mobile phones. 
[0228] After the model change as described above, 



the contents that have been purchased and stored in 
the mobile phone of the embodiment 1 , 2 r or 3 are not 
usable with the new mobile phone. Description as to why 
such contents will not be played back has been already 

5 given above, 

[0229] It is disadvantageous to the user if th e co ntents 
that the user has purchased and stored in the memory 
card become non-usable due to the model change. The 
modei change system 600e aims to address this prob- 

10 lem. 

(Construction of Model Change System 600e) 

[0230] As shown in FIG. 21, the model change system 

is 600e is composed of a mobile phone A 300e, a model 
change device 500, and a mobile phone B 300t The 
mobile phone A 300e and the mobile phone B 300f are 
separately connected to the model change device 500. 
[0231] The mobile phone A 300e has a construction 

20 similar to that of any of the mobile phones described in 
the above embodiments 1,2 and 3 f except a unique in- 
formation storage unit 31 Oe. Note that the other compo- 
nents are not illustrated in the figure for the simplicity 
sake. The unique information storage unit 31 Oe 

25 prestores unique information. 

[02323 Further, the mobile phone B 300f has a con- 
struction similar to that of any of the mobile phones de- 
scribed In the above embodiments 1 , 2 and 3, except a 
unique information storage unit 31 Of. Note that the other 

so components are not illustrated in the figure for the sim- 
plicity sake. The unique information storage unit 31 Of 
has a storage area for storing the unique information. 
[0233] The model change device 500 is composed of 
an information read unit 501 and an information write 

35 unit 502. 

[0234] The information read unit 501 reads the unique 
information stored in the unique information storage unit 
31 Oe that is included in the mobile phone A300e, and 
successively deletes the unique information, from the 
40 unique information storage unit 310e. The information 
read unit 501 then outputs the read information to the 
information write unit 502, 

[0235] The information write unit 502 receives the 
unique information from the information read unit 501 , 

45 and writes the received unique information into the 
unique information storage unit 31 Of that is included in 
the mobile phone B 300f, Here, the unique information 
is information that is unique to the mobile phone A 300e. 
Examples of the unique information include the tele- 

30 phone number allotted to the mobile phone A 300e, a 
random number that is randomly generated and allotted 
to the mobile phone A 300e> 
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(Operations of Model Change System 600e) 

[0236] Now, description is given to the operations of 
the model change system 600e with reference to the 
flowchart shown in FIG. 22. 
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[0237] The information read unit 501 reads the unique 
information from the unique information storage unit 
31 Oe (stepS301), and successively deletes the unique 
information from the unique information storage unit 
301 e (step S302). Next, the information write unit 502 
writes the unique information storage unit 31 Of that is 
received from the information read unit 501 into the 
unique information storage unit 31 Of (step S3G3), 

(Overview) 

[0238] With the above construction, the mobile phone 
B is altowedto read and play backthe contents that have 
been purchased and stored into the memory card using 
the mobile phone A without performing any processing 
on the contents. 

4.2 Model Change System 600g 

[0239] Here, description is given to a model change 
system 600g. 

[0240] Asshown in FIG. 23, the model change system 
600g is composed of a mobile phone A 300g, the model 
change device 500, and a mobile phone B 300h. The 
mobile phone A 300g and the mobile phone B300h are 
separately connected to the modei change system 500. 
[0241] The mobile phone A 300g has a construction 
similarv'-to that of any of the mobile phones described in 
the embodiment 2 and 3 t except a unique information 
storage unrt 31 Og and a usage condition storage unit 
305g.'-Note that the other components are not illustrated 
in the figure for the simplicity sake. The unique informa- 
tion storage unit 31 Og prestores unique information, and 
the usage condition storage unit 305g prestores the us- 
age cpndition. 

[0242] The mobile phone B 300h has a construction 
similar to that of the mobile phone described in the em- 
bodiment 2 or 3, except a unique information storage 
unit 31 Oh and a usage condition storage unit 305h, Note 
that the other components are not illustrated in the figure 
for the simplicity sake. The unique Information storage 
unit 31 Oh has a storage area for storing the unique in- 
formation, and the usage condition storage unit 305h 
has a storage area for storing the usage condition, 
[0243] The modei change system 500 is composed of 
an information read unit 501 and an information write 
unit 502, 

[0244] The information read unit 501 reads the unique 
information from the unique information storage unit 
31 Og that is included in the mobile phone A 300g, and 
reads the usage condition from the usage condition stor- 
age unit 305g, Subsequently, the information read unit 
501 deletes the unique information and the usage con- 
dition from the unique information storage unit 31 Oe and 
the usage condition storage unit 305g, respectively. 
Next, the information read unit 501 outputs the read 
unique information and usage condition to the informa- 
tion write unit 502. 



[0245] In response, the information write unit 502 re- 
ceives the unique information and usage condition from 
the information read unit 501. Next, the information write 
unit 502 writes the received unique information and us- 
5 age condition respectively into the unique information 
storage unit 31 Oh and the usage condition storage unit 
305h both of which are included in the mobile phone B 
300h. 

[0246] With the above construction, the mobile phone 
10 B is aliowedto read and play back the contents that have 
been purchased and stored into the memory card by the 
mobile phone A without processing the contents at all. 

4,3 Modification 

15 

[0247] Normally, in order for model change or cancel- 
lation of contract, mobile phone users need to bring his 
mobile phoneto a mobile phone service provider typified 
by "DoCoMo shop" where processing for model change 

so or cancellation of contract is performed. Here, "cancel- 
lation of contract" refers to cancellation of the contract 
that has been made between a mobile phone user and 
a mobile phone service provider, After cancellation of a 
contract, the telephone number allotted to a mobile 

25 phone under the contract is no longer usable. 

[0248] Hereinafter, description is given to a model 
change system which eliminates user's trouble to make 
a trip to a service provider shop at the time of canceling 
his contract. 

30 [0249] At the time of model change or cancellation of 
a contract, requirements such as the following must be 
fulfilled. 

(Requirement a) 

35 

[0250] Upon model change of mobile phone, it is re- 
quired that a new mobile phone (a newly purchased mo- 
bile phone) replacing a current one will be allowed to 
play back the contents stored in the memory card. In 
40 return, it is required that the mobile phoneto be replaced 
(the mobile phone currently in use) will be no longer al- 
lowed to play back the contents stored in the memory 
card, 

45 (Requirement b) 

[0251] Even after the contract for a mobile phone h 
cancelled, it is required that the contents stored in the 
memory card be still played back by the mobile phone, 
so That is to say, after the cancellation of the contract, the 
mobile phone is no longer works as a telephone, but still 
works as a playback device for playback the contents 
that have been purchased earlier. 

55 (Requirement c) 

[0252] Even when a service provider of mobile 
phones (carrier) Is changed to another one, it is required 
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that the content stored in the memory card stilt be played 
back by the mobile phone that is usable under opera- 
tions by the new carrier. For example, even after the mo- 
bile phone service provider is changed from "DoCoMo" 
to "au", the mobile phone still needs to be allowed to 
play back the contents stored In the memory card. 

(1) Model Chang System 600m 

[0253]f A model change system 600m aims to meet 
"Requirement A" above. To this end, the model change 
system 600m stores the unique information stored in the 
mobile phone that is currently fn use to a new mobile 
phone via a communications network, and successively 
deletes the unique information from the current mobile 
phone via a communications network. 
[0254] As shown in FIG, 24, the model change system 
600m is composed of a mobile phone A 300m, a mobile 
phone B 300n, a personal computer (PC) 650, and a 
model change device 500m. The PC 650 and the model 
change device 500m are connected with each other via 
the Internet 10, The mobile phone A 300m is a mobile 
phone that is currently in use and to be replaced, and 
the mobile phone B 300n is a new mobile phone replac- 
ing the current one, 

(Mobile Phone A 300m) 

[0255] The mobile phone A 300m has a construction 
similar to that of any of the mobile phones described in 
the embodiment 1 , 2, and 3, .excepts unique information 
storage unit 310m, Additionally, the mobile phone A 
300m includes a judgment unit 360m. Note that the oth- 
er components are not illustrated in the figure for the 
simplicity sake. 

[0256] The unique information storage unit 310m 
prestores unique information. 

[0257] The Judgment unit 350m, when the mobile 
phone A 300m is connected to the model change device 
500m via the PC 650 and the internet 10, receives from 
the model change device 500m first model change in- 
formation which will be described later. The judgment 
unit 360m then judges whether the received first model 
change information is valid information based on signa- 
ture information included in the first model change infor- 
mation. Since the technique of judging authenticity of 
the first model change information is known as a digital 
signature technique, so that detailed description thereof 
is omitted. When judging that the information is valid, 
the judgment unit 360m r following a read instruction in- 
cluded in the first model change information, reads the 
unique information from the unique information storage 
unit 31 Om, and transmits the read unique information to 
the model change device 500m via the PC 650 and the 
Internet 1 0. in addition, when judging that the informa- 
tion is valid, the judgment unit 360m, following a delete 
instruction included in the first model change informa- 
tion, deletes the unique information from the unique in- 



formation storage unit 310m. Alternatively, when judg- 
ing that the information is invalid, the judgment unit 
380m simply discards the received first model change 
information, and performs no operation. 

5 

(Mobile Phone B 300n) 

[0258] The mobile phone B 300n has a construction 
similar to that of any of the mobile phones described in 
10 embodiment 1, 2, and 3, except a unique information 
storage unit 31 On, Additionally, the mobilephone B 300n 
includes a judgment unit 360n. Note that the other com- 
ponents are not illustrated in the figure for the simplicity 
sake. 

is [0259] The unique information storage unit 31 On has 
a storage area for storing the unique information. 
[0260] The Judgment unit 360n, when the mobile 
phone B 300n is connected to the model change device 
500m via the PC 650 and the Internet 10, receives from 
zo the model change device 500m second modei change 
information, which will be described later, and judges 
whether the received second model change information 
is valid information based on signature data included in 
the second model change information. When judging 
25 that the information is valid, the judgment unit 360n, fol- 
lowing a write instruction included in the second model 
change information, extracts the unique information 
from the second modei change information, and writes 
the extracted unique information into the unique infor- 
30 mation storage unit 31 On, Alternatively, when judging 
that the information is invalid, the judgment unit 380n 
simply discards the received second model change in- 
formation, and performs no operation. 

35 (PC 650) 

[0261] To be more specific, the PC 650 is a computer 
system composed of, for example, a microprocessor, 
ROM, RAM, a hard disk unit, a display unit, a keyboard, 

40 a mouse, a LAN connecting unit, and a connecting unit 
for a mobile phone, The RAM orthe hard disk unit used 
in the computer system stores a computer program. The 
PC 650 performs its function by the microprocessor op- 
erating in accordance with the computer program. 

45 [0262] Upon receipt of a user operation for model 
change, the PC 650 transmits a model change instruc- 
tion to the model change device 500m via the Internet 
10, 

[0263J Successively* the PC 650 performs transmis- 
50 sion of information between the mobile phone A 300m 
and the model change device 500m via the Internet 10- 
The PC 650 then performs transmission of information 
between the mobile phone B 300n and the model 
change device 500m via the Internet 10. 

55 

(Model Change Device 500m) 

[0264] The model change device 500m has a con- 
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struction similar to that of the model change device 500, 
and additionally includes a transmission/reception unit 
505. 

[0265] The transmission/reception unit 505 receives 
the model change Instruction from the PC 650 via the 5 
internet 10. Upon receipt of the model change instruc- 
tion, the transmission/reception unit 505 generates first 
model change information. Here, the first model change 
information includes signature data indicating the self- 
authenticity, a read instruction instructing to read the 10 
unique information, and a delete instruction instructing 
to delete the unique information. Next, the transmission/ 
reception unit 505 transmits the generated first model 
change information to the mobile phone A 300m. 
[0266] Further, the transmission/reception unit 505 15 
receives the unique information from the mobile phone 
A 300m. 

[0267] Next, the transmission/reception unit 505 gen- 
erates second modelchange information. Here, the sec- 
ond model change information includes signature data zo 
indicating the seif-autbentrcity, a read instruction in- 
structing to read the received unique information, and a 
write instruction instructing to write ihe unique informa- 
tion. Next, the transmission/reception unit 506 transmits 
the generated second model change information to the 2$ 
mobile phone B 300n. 

■-(.Operations of Model Change System 600m) 

■[0268] Now, description is given to the operations of 30 
model change system 600m with reference to the flow- 
chart shown in FIG. 25, 

[0269] At this stage, the user connects both the mo- 
bile .phone A 300m and the mobile phone 8 300n to the 
PC 650, 35 
[0270] Upon receipt of a user operation for model 
change (step S501), the PC 650 transmits a model 
change instruction to the model change device 500m 
via the Internet 10 (step S502). 

[0271] In response, the transmission/reception unit 40 
505 included in the model change device 500m receives 
the model change instruction from the PC 650 via the 
Internet 10 (step S502), generates the first model 
change information (step S503), and transmits the gen- 
erated first model change information to the mobile 4s 
phone A 300m (step S504), 

[0272] Upon receipt of the first model change infor- 
mation (step S504), the judgment unit 360m included in 
the mobile phone A 300m reads the unique information 
from the unique information storage unit 310m (step so 
S505), and transmits the read unique information to the 
model change device 500m via the PC 650 and the In- 
ternet 1 0 (step S506). The judgment unit 360m then de- 
letes the unique information from the unique information 
storage unit 31 Om (step S507). ss 
[0273] Upon receipt of the unique information from the 
mobile phone A 300m (step S506), the transmission/re- 
ception unit 505 of the model change device 500m gen- 



erates the second model change information (step 

5508) , and transmits the generated second model 
change information to the mobile phone B 300n (step 

5509) . 

[0274] Upon receipt of the second model change in- 
formation from the mode! change device 500m (step 
S509), the judgment unit 360n of the mobile phone B 
300n extracts the unique information from the second 
model change information, and writes the extracted 
unique information into the unique information storage 
unit 31 On (step S510). 

(2) Modification 

[0275] Here, description is given to a modification of 
the model change system 600m aiming to meet "Re- 
quirement b" mentioned above. 
[0276] In the modification described herein, the 
unique information stored in a mobile phone is generat- 
ed from unique information other than the telephone 
number allotted to that mobile phone. Thus, contents 
stored in the memory card have been encrypted not with 
the telephone number but with another type of unique 
information . In other words, the contents are bound to 
unique information other than a telephone number, and 
then stored in a recording medium, 
[0277] Further, at the time of cancellation of the con- 
tract, the telephone number allotted to and stored in the 
mobile phone to be canceled is deleted so as to disable 
the telephone number. Yet, the mobile phone still holds 
the unique information so as to allow playback of the 
content 

[0278] The modified model change system 600m has 
a construction similar to the model change system 
600m, To be more specific, the modified model change 
system 600m is composed of the mobile phone A 300m, 
the PC 650, and the model change device 500m. The 
PC 650 and the model change device 500m are con- 
nected to each other via the Internet 10. Here, the mo- 
bile phone A 300m is the phone that the user is going 
to cancel its contract. 

[0279] The unique information storage unit 310m of 
the mobile phone A 300m stores information unique to 
the mobile phone A 300m, such as a random number 
allotted to the mobile phone A 300m, as well as the tel- 
ephone number allotted to the mobile phone A 300m. 
[0280] The user connects the mobile phone A 300m 
to the PC 650 r and performs operations for canceling 
the contract of the mobile phone using the PC 650. 
[0281 ] Upon receipt of the user operation for the can- 
cellation, the PC 650 outputs a cancellation instruction 
to the mobile phone A 300m. 

[0282] In response, the judgment unit 360 of the mo- 
bile phone A 300m receives the cancellation instruction. 
Upon receipt of the cancellation instruction, the judg- 
ment unit 360m reads the telephone number from the 
unique Information storage unit 31 Om, and transmits the 
read telephone number to the mode! change device 
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500m via the PC 650 and the Internet 10. 
[0283] In response, the transmission/reception unit 
505 of the model change device 500rn receives the tel- 
ephone number via the PC 650 and the Internet 1 0, and 
performs processing for the cancellation based on the 
received telephone number, 

(3) Modification 

[0284] Here, description is given to another modifica- 
tion of the model change system 600m aiming to meet 
"Requirement c" mentioned above. 
[0285] Generally speaking, when the mobile phone 
carrier is changed to another one, the telephone number 
is changed as well. For this reason, in the modification 
described herein, the unique information stored in the 
mobile phone is generated not from the telephone 
number but from another type of unique information. 
Thus, contents stored in the memory card have been 
encrypted not with the telephone number but with an- 
other type of unique information. In otherwords, the con- 
tents are bound to unique information other than the tel- 
ephone number and then stored in a recording medium. 
Further, the unique information is heid stored within the 
mobile phone even after the change of carrier, 
[0286] The modified model change system 600m has 
a construction similar to the model change system 
600m. To be more specific, the modified model change 
system 600rais composed of the mobile phone A 300m, 
the PC 650, and the model change device 500m, The 
PC 650 and the model change device 500m are con- 
nected to eacfr other via the Internet 1 0. Here, the mo- 
bite phone A 300m is the phone that the user Is going 
to change its carrier, 

[0287] Here .;the description is given to the operations 
of the modified model change system 600m with refer- 
ence to the flowchart shown in FIG. 26. 
[0288] The unique information storage unit 310m of 
the mobile phone A 300m stores information unique to 
the mobile phone A 300m, such as a random number 
allotted to the mobile phone A 300m, as well as the tel- 
ephone number originally allotted to the mobile phone 
A 300m. 

[0289] The user connects the mobile phone A 300m 
to the PC 650, and performs operations for cancellation 
of the mobile phone using the PC 650, 
[0290] Upon receipt of the useroperation for changing 
the service provider (step S531 ), the PC 650 outputs to 
the mobile phone A 300m a read instruction instructing 
to read the current telephone number (step S532)* In 
response, the judgment unit 360m included in the mo- 
bile phone A 300m reads the current telephone number 
from the unique information storage unit 31 Orn, and out- 
puts the read current telephone numberto the PC 650 
(step S534). 

[0291] in response, the PC 650 receives the current 
telephone number from the mobile phone A 300m (step 
S534), generates a carrier change instruction, and 



transmits the generated charier change instruction 
along with the received current telephone numberto the 
model change device 500m via the Internet 10 (step 

5535) . 

> [0292] The transmission/reception unit 505 of the 
model change device 500m performs processing to can- 
cel the contract of the current telephone number {step 

5536) . Then, transmission/reception unit 505 performs 
processing to make a new contract with a service pro- 
's vider {step S537), performs an operation for a new tel- 
ephone number setting (step S538), and transmits the 
newly set telephone numberto the PC 650 via the in- 
ternet 10 (step S539). 

[0293] In response, the PC 650 receives the new tel- 
/5 ephone number (step S539), and outputs the received 
new telephone number to the mobile phone A 300m 
(step S540), 

[0294] Upon receipt of the new telephone number 
(step S539), the judgment unit 360m of the telephone 
20 number A 300m deletes the current telephone number 
from the unique information storage unit 310m (step 

5541) , and writes the received new telephone number 
into the unique information storage unit 310m (step 

5542) , 

25 

(4) Other Modification 

[0295] The above description is given to model 
change systems each of which meets "Requirement a, 
30 b, or c'\ Each of these model change systems performs 
model change, cancellation of the contract, or change 
of the carrier via the Internet 

[0296] Yet, the techniques employed in the model 
change systems meeting "Requirement a, b, or c* may 

35 be applied to a model change system that does not in- 
volve Internetconnection.Thatistosay, the above mod- 
el change system 600e which does not involve Internet 
connection may be constructed to meet the "Require- 
ment a, b, or c". Similarly, the above model change sys- 

40 tern 600g which does not involve Internet connection 
may be constructed to meet the "Requirement a, b, ore", 

4,4 Other 

45 [0297] The mobile phone in the above embodiment 4 
may be constructed to have its unique information stor- 
age unit within a SIM card. In this case, upon model 
change, the user detaches the SIM card from the mobile 
phone A, and attaches the SIM card that is detached 

50 from the mobile phone A to the mobile phone B, Alter- 
natively, upon model change, the model change device 
may perform detachment of the SIM card from the mo- 
bile phone A and attachment of that SIM card to the mo- 
bile phone 8. 

55 [0298] As apparent from the above description, the in- 
ternal storage unit 303 of the mobile phone consistent 
with the present invention is generally limited in its mem- 
ory capacity. Conventionally this limitation results in the 
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following problem, tn the case the internal storage unit 
is full with digital works, the user is required to delete 
some of the digital works stored in the internal storage 
unit to secure a free memory space before purchasing 
another digital work, or he simply has to give up pur- 
chasing another digital work. 

[0299] However, according to the present invention, 
a user is allowed to store some of the digital works 
stored in the internal storage area of the main device, L 
e., the mobile phone, into a recording medium attached 
the main device when he decides not to use the digital 
works any time soon. In this manner, a free memory 
space is secured in the internal storage area of the main 
device without losing the rights to play back those digital 
works he has purchased. As a consequence, the user 
is allowed to purchase and store some more digital 
works into the internal storage area. 
[0300] Further, with the above construction, a content 
encrypted and stored by a certain main device into a 
recording medium is not possibly decrypted and played 
back by any other main device although the recording 
medium is attached thereto. That is to say, the present 
invention achieves an effect of meeting copyholders' de- 
mand that a content stored by a certain main device into 
a recording medium device attached thereto be prohib- 
ited from being decrypted or played back using any oth- 
er main device although the recording medium device 
is attached thereto, 

[0301.]:- Still further, the present invention achieves the 
effect* at a content provided with a certain usage con- 
dition-is permitted to be played back only when the us- 
age condition is met. 

[0302];* Still further, the present invention achieves the 
following effect upon model change from a certain main 
device?lo another main device. That is, a new mam de- 
vice that has replaced an originally used main device is 
permitted to read and playback the contents that have 
been purchased and stored in a recording medium de- 
vice by the original main device without applying 
processing to the contents. 

5. PREFERRED EMBODIMENTS 

[0303] Now, description is given to a digital work dis- 
tribution system 1001 {not illustrated) consistent with 
preferred embodiment 5 of the present invention. 
[0304] The digital work distribution system 1 0Oi has a 
construction similar to that of the digital work distribution 
system 1 00. Thus, description is given mainly to the dif- 
ferences with the digital work distribution system 100. 
[0305] The digital work 'distribution system 1Q0i in- 
cludes a mobile phone 300j and a memory card 400i or 
a memory card 400p instead of the mobile phone 300 
and the memory card 400, respectively. 
[0306] The user attaches either of the memory card 
4001 or 400p to the mobile phone 300L 



5.1 Construction of Memory Card 400i 

[0307] As shown in FIG. FIG. 27, the memory card 
400i is composed of a type storage unit 414, an authen- 
s tication unit 490, a first external storage unit 41 2, and a 
second external storage unit 411 . 
[0308] The type storage unit 414 prestores informa- 
tion showing a second type that is the type of the mem- 
ory card 400i. 

10 [0309] The authentication unit 490 performs chal- 
lenge-response type mutual authentication with the au- 
thentication unit 390 included in the mobile phone 300L 
[0310] The first external storage unit 412 has a stor- 
age area for storing the encrypted content. 

*s [0311] The second external storage unit 411 is a 
memory unit that is permitted to be read and written from 
another end, i.e., the mobile phone 300i only after au- 
thentication by the authentication unit 490 has been suc- 
cessfully performed. The second external storage unit 

so 411 has a storage area for storing encrypted concate- 
nated information, which will be described later 

5.2 Construction of Memory Card 400p 

25 [0312] As shown in FIG. 27, the memory card 400p is 
composed of a type storage unit 415 and an external 
storage unit 410. 

[0313] The type storage unit 415 prestores informa- 
tion showing a first type that is the type of the memory 
so card400p. 

[0314] The first external storage unit 41 0 has a stor- 
age area for storing the encrypted content, 
[0315] Here, the memory card 400i and the memory 
card 400p differ in that the memory card 400i has the 
35 authentication unit while the memory card 400p does 
not. 

5.3 Mobile Phone 300i 

40 [0316] As shown in FIG, 27, the mobiie phone 300i 
Includes a first encryption/decryption unit 382 and a sec- 
ond encryption/decryption unit 381 instead of the en- 
cryption/decryption unit 380 that the mobile phone 300 
includes. Further, the mobile phone 300i includes a type 
45 read unit 391 and the authentication unit 390. With other 
respect, the mobile phone 300i includes components 
similar to those of the mobile phone 300. 

(1) Type Read Unit 391 

so 

[0317] When eithertbe memory card400i or the mem- 
ory card 400p is attached to the mobile phone 300i, the 
type read unit 391 reads the second type information 
from the type storage unit 41 4 of the memory card 400! 
55 jf the memory card 400I is attached, or reads the first 
type information from the type storage unit 415 of the 
memory card 400p if the memory card 400p is attached. 
[0318] Successively, the type read unit 391 outputs 
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the first type information or second type information 
whichever is read to the control unit 366L 

{2) Control Unit366i 

[031 9] The control unit 366i receives the first type in- 
formation or the second type information from the type 
read unit 391. 

[0320] In the case of receiving the first type informa- 
tion, the control unit 366i instructs the first encryption/ 
decryption unit 382 to perform encryption/decryption 
processing. 

[0321] In the case of receiving the second type infor- 
mation, the control unit 366! first instructs the authenti- 
cation unit 330 to perform mutual authentication with the 
memory card 400L Upon receiving information indica- 
tive of successful authentication from the authentication 
unit 390, the control unit 3661 instructs the second en- 
cryption/decryption unit 381 to perform encryption/de- 
cryption processing, Alternatively upon receiving infor- 
mation indicative of unsuccessful authentication from 
the authentication unit 390, the control unit 366i termi- 
nates the processing, 

(3) Authentication Unit 390 

[0322] Upon receipt of an authentication instruction 
from the control unit 366), the authentication unit 390 
performs challenge-response type mutual authentica- 
tion with the authentication unit 490 of the memory card 
4Q0I, and then outputs to the control unit 366i informa- 
tion showing whether the authentication has been per- 
formed successfully or unsuccessfully. 

(4) Second Encryption/Decryption Unit 381 

[0323] The second encryption/decryption unit 381 
has a construction similar to that of the encryption/de- 
cryption unit 3B0b. 

[0324] That is, the second encryption/decryption unit 
381 generates a title key and encrypts the title key using 
a unique key to generate an encrypted title key The sec- 
ond encryption/decryption unit 381 also encrypts a con- 
tent using the title key to generate an encrypted content. 
[0325] In addition, the second encryption/decryption 
unit 381 decrypts the encrypted title key that is read from 
the memory card 400i to generate the title key, and then 
decrypts the encrypted content that is read from the 
memory card 400i using the generated title key to gen- 
erate the content. 

(5) First Encryption/Decryption Unit 382 

[0326] The first encryption/decryption unit 382 has a 
construction similar to the encryption/decryption unit 
380, 

[0327] That is, the first encryption/decryption unit382 
encrypts a content using a unique key to generate an 



encrypted content. Alto, the encryption/decryption unit 
382 decrypts the encrypted content that is read from the 
memory card 400p using the unique key to generate the 
content 

5 

5.4 Operations of Digital Work Distribution System 1 0Oi 

[0328] Now f description is given to the operations of 
digital work distribution system 1001 with reference to 

10 the flowchart shown in FIG, 28, 

[0329] When eitherthe memory card 400i orthe mem- 
ory card 400p is attached to the mobile phone 300i, the 
type read unit 391 reads the second type information 
from the type storage unit 414 of the memory card 400i 

15 if the memory card 400t is attached, or reads the first 
type information from the type storage unit 415 of the 
memory card4O0p if the memory card 400p is attached, 
The type read unit 391 outputs the read first type infor- 
mation or second type information to the control unit 

20 366i (step S351 ). 

[033O] Upon receipt of the first type information (step 
S352), the control unit 366i instructs the first encryption/ 
decryption unit 382 to perform encryption/decryption 
processing, in response, the first encryption/decryption 

25 unit 382 performs encryption/decryption processing 
(step S358), 

[0331] On the other hand, upon receipt of the second 
type information (step S352), the control unit 366i first 
instructs the authentication unit 390 to perform mutual 

30 authentication. In response, the authentication unit 390 
authenticates the authentication unit 490 of the memory 
card 400 i (step S353). When the authentication is suc- 
cessful (step S354, YES), the authentication unit 390 
waits for the authentication unit 490 of the memory card 

35 400i to authenticate the authentication unit 390 (step 
S355), When the authentication by the authentication 
unit 490 is successful (step S356, YES), the control unit 
366i instructs the second encryption/decryption unit 381 
to perform encryption/decryption processing. In re- 

40 sponse, the second encryption/decryption unit 381 per- 
forms encryption decryption processing (step S357). 
[0332] in the case authentication in the step S354 or 
in the step S356 is unsuccessful, the control unit 366i 
terminates the processing, 

45 

5.5 Overview 

[0333] As described above, in embodiment 5, the mo- 
bile phone judges whether a memory card attached 

so thereto includes an authentication unit based on the 
memory card type. When judging that the memory card 
includes an authentication unit, the mobile phone per- 
f o rms encryption/decryptio n p rocessing with th e second 
encryption/decryption unit. Alternatively, when judging 

55 that the memory card does not include an authentication 
unit, the mobile phone performs encryption/decryption 
processing with the first encryption/decryption unit. 
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6. PREFERRED EMBODIMENT S 

[0334] Now, description is given to a digital work dis- 
tribution system 100J (not illustrated) consistent with 
preferred embodiment 6 of the present invention. 
[0335] The digital work distribution system 1 0Oj has a 
construction similar to that of the digital work distribution 
system 100c. Thus, description is given mainly to the 
differences with the digital work distribution system 
100c. 

[0336] The digital work distribution system 100J in- 
cludes a content distribution server device 200j ; a mo- 
bile phone 300i, and a memory card 400j instead of the 
content distribution server device 2 00, the mobile phone 
300, and the memory card 400, respectively, The digital 
work distribution system 1 0Ojfurtherincludes a payment 
device (not illustrated). The content, distribution server 
device 200j and the payment device are connected to 
each other via the Internet 10. 

(1) Content Distribution Server Device 200j 

[0337] As shown in FIG. 29 by way of example, the 
content storage unit 201 of the content distribution serv- 
er device 200j includes a right information table 610, 
[0338] The right information table 610 has a plurality 
of storage areas each for storing usage information 
composed of a user ID and usage right information. The 
user IQ. is an identifier for identifying a user. 
[G33Sfc The content ID is an identifier for identifying a 
content 

[0340]* The usage right information is the right of the 
user to- use the content, 

(2) Memory Card 400j 

[0341] As shown in FIG. 30 by way of example, the 
memory card 400J includes a first external storage unit 
412j and a second external storage unit 411 j. 
E0342J The first external storage unit 41 2j has a stor- 
age area for storing an encrypted content. The second 
external storage unit 411 j has a storage area for storing 
usage information composed of the content ID and the 
usage right information. 

[0343] Note that the second externa] storage unit 41 1] 
is readable and writable only afterthe mobile phone 300J 
and the memory card 400j are mutually authenticated. 

(3) Mobile Phone 300j 

[0344] The mobile phone 300j prestores the user 
identifier for identifying the user of the mobile phone 
300j. 

(4) Operations of Digital Work Distribution System 100j 

[0345] With reference to the flowchart shown in FIGs. 
31 and 32, description is given to the operations of the 



digital work distribution system 100j. 
[0346] First, description is given to the operations per- 
formed to obtain a content from the content distribution 
server device 200J, 
s [0347] Upon receipt of a content ID from the input unit 
365, the content purchasing unit 301 of the mobile 
phone 300j transmits to the content distribution server 
device 200j the content ID together with the user ID. that 
is stored therein (step S371). 
10 [0348] Upon receipt of the user ID and the content ID 
(step S371), the content distribution server device 200j 
calculates a content fee using the received content ID 
(step S372), and transmits to the payment device the 
user ID f the content, ID and the calculated content fee 
15 (step S373). 

[0349] Upon receipt of the user ID, the content ID, and 
the content fee (step S373), the payment device per- 
forms the payment processing for the user identified by 
the received user ID to make the payment according to 
the received content fee, and generates a payment cer- 
tificate (step S374), and transmits the user ID, the con- 
tent ID, and the payment certificate to the content dis- 
tribution server device 200j (step S375). 
[0350] Upon receipt of the user ID, the content ID, and 
the payment certificate (step S375), the content distri- 
bution server device 200j reads the content that corre- 
sponds to the received content ID from the content stor- 
age unit 201 (step S376), generates the usage right in- 
formation for the read content (step S377), and writes 
the received user ID and contents ID in association with 
the generated usage right information into the right In- 
formation table 61 0 provided in the content storage unit 
201 (step S37B). Next, the content distribution server 
device 200j transmits the read content, the generated 
usage right information, and the received content ID to 
the mobile phone 300j (step S379). 
[0351] Upon receipt of the content, the usage right in- 
formation, and the content ID (step S379), the mobile 
phone 300j encrypts the received content and stores the 
encrypted content into the first external storage unit 41 2j 
included in the memory card 400j (step S380), Further, 
the mobile phone 300j writes the received usage right 
information and content ID in association with each oth- 
er into the second external storage unit 411 j included in 
the memory card 400J (step S381), 
[0352] Next, description is given to the operations for 
re-obtaining the once obtained content in the case, for 
example, the user deletes the encrypted content stored 
in the memory card 400j by mistake, 
[0353] The mobile phone 300j reads the content ID 
together with the corresponding usage right information 
from the second external storage unit 411j included rn 
the memory card 400j (step S391), and transmits to the 
content distribution sever device 200j the read content 
ID and usage right information together with the user ID 
(step S392). 

[0354] Upon receipt of the user ID, the content ID, and 
the usage right information (step S392), the content dis- 
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tribution server device 200J judges whether the right in- 
formation table 610 includes the same set of user ID and 
content ID as the received set (step S393), When judg- 
ing that the same set of user ID and content iD are 
present in the right information table 610 (step 3393, 
YES), the content distribution server device 2G0j reads 
from the content storage unit 201 the content corre- 
sponding to the received content iD (step S394), and 
then transmits the read content to the mobile phone 300j 
(step S395), 

[0355] In response, the mobile phone 300] receives 
the content (step S395), encrypts the received content 
to write Into the memory card 400j (step S396). 
[0356] Alternatively, when judging that the same set 
of user ID and content ID as the received set is not 
present in the right information table 610 (step 393 t 
NO) , the content distribution server device 200j dis- 
cards the received user ID f content ID, and usage right 
information, and performs no other operations. 

7, PREFERRED EMBODIMENT 7 

[0357] Now, description is given to a digital work dis- 
tribution system 100k (not illustrated) consistent with 
preferred embodiment 7 of the present invention, 
[0358] The digital work distribution system 1 00k has 
a construction similar to the digital work distribution sys- 
tem 100c. Thus, description Isgiven mainly to the dif- 
ferences with the digital work distribution system 100c. 
[0359] The digital work distribution system 100k in- 
cludes a content distribution server device 200k, a mo- 
bile phone 300k, andamemory card 400k instead of the 
content distribution server device 200c, the mobile 
phone 300c and the memory card 400, respectively 

(1) Content Distribution Server Device 200k 

[0360] As shown in FIG. 33 as one example, the con- 
tent storage unit 201 of the content distribution server 
device 200k includes a content information table 620. 
[0361] The content information table 620 includes a 
plurality of sets of content information each composed 
of a content ID, a corresponding content, and a corre- 
sponding type of unique information. 
[0362] The content ID is an Identifier for identifying the 
content. 

[0363] The content is a digital work such as a piece 
of music or a movie. 

[0364] The type of unique information shows what 
unique information is to be used to encrypt the content 
upon being stored into the memory card 400k. A shown 
in the figure, the type of unique information in this ex- 
ample shows either "medium unique' 1 type or "device 
unique" type. 

(2) Memory Card 400k 

[0365] As shown in FIG. 34, the memory card 400k 



includes the authentication unit 490, a first external stor- 
age unit 412k, and a second external storage unit 411 k. 
[0366] The first external storage unit 41 2k prestores 
medium unique information which is the information 
5 unique to the memory card 400k. Further, the second 
external storage unit 41 1 k has storage areas for storing 
the unique information type and the encrypted content 
in association with each other. 

[0367] The authentication unit 490 performs chal- 
10 ienge-response type mutual authentication with the au- 
thentication unit 390 of the mobile phone 300k. 

(3) Mobile Phone 300k , 

15 [0368] As shown in FIG. 34, the mobile phone 300k 
includes a first encryption/decryption unit 382 and athird 
encryption/decryption unit 383 instead of the encryption/ 
decryption unit 380 included in the mobile phone 300. 
The mobile phone 300k further includes the authentica- 
te tion unit 390, With other respect, the mobile phone 300k 
includes the same components as those included in the 
mobile phone 300. 

(Unique information Storage Unit 31 0) 

25 

[0369] The unique information storage unit 310 
prestores device unique information that is generated 
based on information unique to the mobile phone 300k. 

30 (Authentication Unit 390) 

[0370] The authentication unit 390 performs chal- 
lenge-response type mutual authentication with the au- 
thentication unit 490 of the memory card 400k, and then 
35 outputs to the control unit 366k information showing 
whether the authentication has been performed suc- 
cessfully or unsuccessfully. 

(Control Unit 366k) 

40 

[0371] The control unit 366k receives from the au- 
thentication unit 390 the information indicative of either 
successful authentication or unsuccessful authentica- 
tion. 

45 [0372] Upon receipt of information indicative of suc- 
cessful authentication, the control unit 366k selectively 
instructs either the first encryption/decryption unit 382 
orthethirdencryption/decryption unit 383 to perform en- 
cryption/decryption processing. The selection of the two 

50 encryption/decryption units is made according to the 
unique information type. 

(First Encryption/Decryption Unit 332) 

55 [0373] The first encryption/decryption unit382hasthe 
construction similar to that of the encryption/decryption 
unit 380. 

[0374] That is, the first encryption/decryption unit 382 
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encrypts the content using the device unique informa- 
tion to generate an encrypted content. Further, the first 
encryption/decryption unit 382 decrypts the encrypted 
content that has been read from the memory card 400k 
using the device unique Information to generate the con- 
tent. 

(Third Encryption/Decryption Unit 383) 

[0375] The third encryption/decryption unit 383 reads 
the medium unique information stored in the second ex- 
ternal storage unit 411k included in the memory card 
400k, 

[0376] Upon encryption, the third encryption/decryp- 
tion unit 383 encrypts the content using the read medi- 
um unique information as a key to generate an encrypt- 
ed content, and stores the encrypted content in assoei- 
ation with the unique information type showing "medium 
unique" type into the first external storage unit 412k of 
the memory card 400 k. 

[0377] Upon decryption, the third encryption/decryp- 
tion unit 383 uses the read medium unique information 
as a key to decrypt the encrypted content that has been 
read from the first external storage unit 41 2k, thereby to 
generate the content 

(4) Operations of Digital Work Distribution System 100k 

[0378]r Now, description is given to the operations of 
the digital work distribution system 100k with reference 
to the flowcharts shown in FIGs. 35 and 36, 
[0379fc First, description is given to the operations per- 
formed. when the mobile phone 300k obtains a content 
and whites the content into the memory card 400k. 
[0380] The mobile phone 300k transmits to the con- 
tent distribution server device 200k the content iD iden- 
tifying the content to be obtained (step S421 ). The con- 
tent distribution server device 200k extracts from the 
content information table 620 the content information 
having the same content ID as the received content ID 
(step 3422), and transmits the content and the type of 
unique information that are included in the extracted 
content information to the mobile phone 300k (step 
S423). 

[0381] The authentication unit 390 performs mutual 
authentication with the memory card 400k (step S424). 
When the mutual authentication is successfully per- 
formed (step S425, YES), the controi unit 366k receives 
the content and the type of unique information. When 
judgingthat the type of unique information that has been 
received shows "device unique" type (step S426), the 
control unit 3 66k instructs the first encrypt ion/decryption 
unit 382 to perform encryption processing. In response, 
the first encryption/decryption unit 382 reads the device 
unique information from the unique information storage 
unit 310 (step S427), and reads the content from the 
internal storage unit 303. The first encryption/decryption 
unit 382 then encrypts the read content using the device 



unique information as a key (step S428), and stores the 
encrypted content in association with the type of unique 
information showing the "device unique" type into the 
first external storage unit 41 2k of the memory card 400k 

s (step S429). 

[0382] Alternatively, when judging that the type of 
unique information shows "medium unique" type (step 
S426), the control unit 366k instructs the third encryp- 
tion/decryption unit 383 to perform encryption process- 

fo ing J in response, the third encryption/decryption unit 383 
reads the medium unique information from the second 
external storage unit 41 1 k included in the memory card 
400k (step S430), and reads the content from the inter- 
nal storage unit 303. The third encryption/decryption 

15 unit 383 then encrypts the read content using the read 
medium unique information as a key (step 8431), and 
stores the encrypted content In association with the type 
of unique information showing the "medium unique" 
type into the first external storage unit 412k included in 

20 the memory card 400k (step S432). 

[0383] In the case where the mutual authentication 
between the memory card and the authentication unit 
390 has failed (step S425, NO), the processing is termi- 
nated at this stage. 

2S [0384] Next, description is given to the processing 
performed when the mobile phone 300k decrypts to play 
back the encrypted content stored in the memory card 
400k, 

[0385] The authentication unit 390 of the mobile 
so phone 300k performs mutual authentication with the 
memory card 400k (step S441). When the mutual au- 
thentication is successful performed (step S442, 
YES), the read unit reads the encrypted content togeth- 
er with the type of unique information from the first ex- 
35 ternal storage unit 412k included in the memory card 
400k, and outputs the type of unique information to the 
control unit 386k (steps 443). Upon receipt of the type 
of unique information, the control unit 366k judges 
whether the received type information shows the "de- 
40 vice unique" type or the "medium unique" type (step 
S444). When judging the type of unique information is 
"device unique", the control unit 366k instructs the first 
encryption/decryption unit 382 to perform decryption 
processing (step S445). In response, the first encryp- 
ts tion/decryption unit 382 reads the device unique infor- 
mation from the unique Information storage unit 310 
(step S445), and receives the encrypted content from 
the read unit 350, The first encryption/decryption unit 
382 then decrypts the encrypted content using the read 
so device unique information as a key (step S446), and 
writes the decrypted content into the internal storage 
unit 303. Then, the playback unit 304 plays back the 
content (step S447). 

[0386] Alternatively, when judging in the step S444 
55 that the type of unique information is "medium unique", 
the control umt 366k instructs the third encryption/de- 
cryption unit 383 to perform decryption processing. In 
response, the third encryption/decryption unit 383 reads 
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via the read unit 350, the medium unique information 
from the second externa! storage unit 411k included in 
the memory card 400k (step S448), and receives the 
encrypted content from the read unit 350. The third en- 
cryption/decryption unit 383 then decrypts the encrypt- 
ed content using the read medium unique information 
(step 3449) r and writes the decrypted content into the 
internal storage unit 303. Then, the playback unit 304 
plays back the content (step S450). 

8- RECAPITULATION 

{0387] As described above, the present invention is 
directed to a digital work protection system that is for 
recording and playing back contents i.e., digital works, 
and that is composed of a main device and a recording 
medium device attachable to and detachable from the 
main device. The main device includes: an internal stor- 
age area for storing a content; a unique information stor- 
age area for storing unique information that is unique to 
the main device; an encryption unit that encrypts the 
content stored in the internal storage area using the 
unique information stored in the internal storage area; 
a write unit that writes the content encrypted by the en- 
cryption unit into the recording medium device; a read 
unitfor reading the encrypted content from the recording 
medium device; a decryption unit that decrypts the en- 
crypted content having read by the read unit; and a play- 
back unit that plays-back the content. The recording me- 
dium device has an external storage area for storing the 
encrypted content that is written by the write unit of the 
main device or read by the read unit of the main device. 
[038S] Here, the encryption unit of the main device en- 
crypts the title key that is unique to the content using the 
unique information, and encrypts the content using the 
tjtie key. The write unit writes the encrypted content and 
the encrypted title key both encrypted by the encryption 
unit into the recording medium device. The read unit 
reads the encrypted content and the encrypted title key 
from the recording medium device. The decryption unit 
decrypts the encrypted title key using the unique infor- 
mation, and decrypts the encrypted content using the 
decrypted title key. The recording medium device stores 
the encrypted content and the encrypted title key that 
are read by the read unit of the main device or read by 
the read unit of the main device. 
[0389] Here : the main device further includes: a us- 
age condition storage area and a usage condition judg- 
ment unit. The usage condition storage area stores us- 
age condition data for the content, and the usage con- 
dition judgment unit judges, according to the usage con- 
dition data, whether to play back the content, 
[0390] Here : the main device further includes an au- 
thentication unit. The recording medium device includes 
an authentication unit The external storage area in- 
cludes a first external storage area and a second exter- 
nal storage area. Prior to the main device writes the en- 
crypted title key into the recording medium device or the 



main device reads the encrypted title key from the re- 
cording medium device, the authentication unit of the 
main device authenticates the recording medium device 
and the authentication unit of the recording medium de- 

s vice authenticates the main device. When both the au- 
thentication operations are performed successfully, the 
writing or the reading of the encrypted title key is per- 
formed- The recording medium device stores the en- 
crypted content and the encrypted title key into the first 

10 external storage area and the second external storage 
area, respectively. 

[0391] Here, the main device further includes a usage 
condition judgment unit. Prior to the main device writes 
usage condition data for the content into the recording 

is medium device orthe main device reads the usagecon- 
dition data from the recording medium device, the au- 
thentication unit of the main device authenticates the re- 
cording medium device and the authentication unit of 
the recording medium device authenticates the main de- 

20 vice. When both the authentication operations are sue- 
cessful the writing orthe reading of the usage condition 
data is performed. The usage condition judgment unit 
judges whether to play back the content according to 
the usage condition data. The recording medium device 

25 stores the usage condition data into the second external 
storage area, 

[0392] Here, the usage condition data includes infor- 
mation for limiting the number of times permitted to play 
back the content, Information for limiting the time period 
so permitted to play back the content, or information for lim- 
iting the total time permitted to play back the content 
[0393] Here, the main device further includes a con- 
tent purchasing unit and a content receiving unit. The 
content purchasing unit purchases a contentfrom an ex- 
35 ternaf source. The content receiving unit receives the 
content that has been purchased to store the received 
content into the internal storage area. 
[0394] Here, the main device further includes a con- 
tent judgment unit. The content judgment unit judges 
40 whether the content stored in the internal storage unit is 
permitted to be encrypted by the encryption unit using 
the unique information and to be written by the write unit 
into the recording medium device. 
[0395] Here, the main device further includes a re- 
45 cording medium device-judgment unit. The recording 
medium device-judgment unit judges whether a record- 
ing medium device attached to the main device is the 
recording medium device that ispermittedto encryptthe 
content stored in the internal storage area with the en- 
50 cryption unit using the unique information and to write 
the encrypted content with the write unit into the record- 
ing medium device. 

[0396] Here, the unique information storage area and 
the usage condition storage area are write-protected 
55 and read-protected against any external devices other 
than a model change device that is specifically permitted 
to read or write the unique information and the usage 
condition data. 
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[0397] In another aspect, the present invention is di- 
rected to a main device which a recording medium de- 
vice is attachable to or detachable from. The main de- 
vice includes: an internal storage area that stores a con- 
tent; a unique information storage area that stores 
unique information being unique to the main device; an 
encryption unit that encrypts a title key being unique to 
the content using the unique information and encrypts 
the content using the titje key; a write unit that writes the 
encrypted content and the encrypted title key both en- 
crypted by the encryption unit; a read unit that reads the 
encrypted content and the encrypted title key from the 
recording medium device; a decryption unit that de- 
crypts the encrypted title key using the unique informa- 
tion and decrypts the encrypted content using the de- 
crypted title key; and a playback unit that plays back the 
content. 

[0398] Here : the main device further includes an au- 
thentication unit. Prior to the main device writes the en- 
crypted title key into the recording medium device or 
reads the encrypted title key from the recording medium 
device, the authentication unit of the main device per- 
forms mutual authentication with the recording medium 
device. The writing or the reading of the encrypted title 
key is performed only when the mutual authentication is 
successful. 

[0399]. In another aspect, the present invention is di- 
rected^ a recording medium device that is attachable 
to or detachable from a main device. The recording me- 
dium device has an external storage area for storing an 
encrypted content and an encrypted title key that are 
wrtttearor read by a write unit of the main device or a 
read usilt of the main device, 

[0400]--- Here, the recording medium device further in- 
cludes^ authentication unit. Prior to the main device 
writes the encrypted title key into the recording medium 
device or reads the encrypted title key from the record- 
ing medium device, the authentication unit of recording 
medium device performs mutual authentication with the 
main device. The encrypted title key is written into the 
second external storage area only when the mutual au- 
thentication is successful. 

[0401] In another aspect, the present invention in- 
cludes a unique information read/write unit that is spe- 
cifically permitted to read unique information from the 
unique information storage area of a first main device, 
and write the read unique information into the unique 
information storage unit of a second mam device. 
[0402] Here : the model change device further in- 
cludes a usage condition read/write unit that is specifi- 
cally permitted to read usage condition data from the 
usage condition storage area of the first main device to 
write the read usage condition data into the usage con- 
dition storage area of the second main device provided 
that each of the first main device and the second main 
device separately has the usage condition storage area. 
[0403] Here, the model change device is connected 
to the main device via a network on a regular basts or 



when necessary. The main device further includes a 
model change information-judgment unit that judges the 
authenticity of the model change information. The model 
change device transmits the model change information 

s to the main device according to contract condition data 
of the main device. The model change information-judg- 
ment unit of the main device judges the authenticity of 
the received model change information. The model 
change device further includes a unique information 

10 read/write unit. When the authenticity ol the received 
model change information is established by the model 
change information -judgment unit p the unique informa- 
tion read/write unit writes the unique information that is 
included in the model change information and that is 

is unique to the main device into the unique information 
storage unit of the main device, or deletes the unique 
information. 

[0404] Here, a second recording medium device Is at- 
tached to the main device. The second recording medi- 
cs um device includes: a unique information storage area 
for storing the unique information of the main device; 
and a unit used to attach the second recording medium 
device having been attached to the first main device to 
the second main device. 

2s [0405] in a digital work protection system, a main de- 
vice, a recording medium device, and a model change 
device that are consistent with the present invention, the 
internal storage area of the main device inmost cases 
is limited in its memory capacity. Thus, this limitation 

30 conventionally results In the following problem. That is, 
when the internal storage area is full of digital works, the 
user is required to delete some of the digital .works 
stored m the internal storage area to secure a free mem- 
ory space before purchasing another digital work, or the 

35 user is required to simply give up purchasing another 
digital work. According to the present invention, howev- 
er, the user is allowed to store some of the digital works 
stored in the internal storage unit Into a recording medi- 
um device attached to the main device when he decides 

40 not to use the digital works anytime soon, In this way, a 
free memory space is secured in the internal storage 
area of the main device without losing the rights to play 
back the purchased digital works. Consequently, anoth- 
er digital work may be purchased. 

45 [0406] Further, with the above construction, when an 
encrypted content is stored into a recording medium de- 
vice by a certain main device, the encrypted content is 
not possibly decrypted or played back by any other main 
device although the recording medium device is at- 

so tached thereto. That is, the present invention achieves 
an effect of meeting copyholders' demand that a content 
stored into a recording medium device using a main de- 
vice be prohibited from being decrypted or played back 
using any other main device although the recording me- 

55 dtum device is attached thereto. 

[0407] Stiii further, the present invention achieves an 
effect that a content provided with a certain usage con- 
dition is permitted to be played back only when the us- 
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age condition is met, 

[0408] Still further, the present invention achieves the 
following effect upon model change from a certain main 
device to another main device. That is, a new main de- 
vice that replaces a current main device is permitted to 
read and piay back the contents that have been pur- 
chased and stored in a recording medium device by the 
current main device without applying processing to the 
contents. 

[0409] Up to this point, description has been given to 
the digital work distribution systems consistent with the 
present invention. Yet, it goes without saying that the 
present invention is in no way limited to those specific 
embodiments described above. For example, the fol- 
lowing constructions may be applicable, 

(1) In the embodiments above, description is given 
to the digital work distribution system employing a 
mobile phone, yet the present invention is not limit- 
ed thereto. For example, what Is applicable instead 
of a mobile phone includes an L-rnode-ready table- 
top type telephone, a portable information terminal, 
a personal computer, or a household appliance, 
such a television set, that is capable of Internet con- 
nection. 

Further, it is described thatthe content distribu- 
tion server .device 200 and the mobile phone 300 
are connected via the Internet 1 0, the mobile phone 
network 20, and the radio base station 30. Yet, the 
connection may be made In another manner. For 
example, the content distribution server and the 
portable information terminal may be connected via 
the Internet. Alternatively, the content distribution 
server device may be connected to a broadcasting 
device, so that various types of information includ- 
ing contents are broadcasted in form of broadcast 
waves. Here, a household appliance, such as a tel- 
evision set, receives the broadcast waves, and ex- 
tracts various types of information from the received 
broadcast waves. 

(2) Although DES encryption algorithm is employed 
in the embodiments described above, the applica- 
ble encryption algorithm is not limited thereto. Fur- 
ther, although the unique information used in the 
embodiments described above is a 56-bit unique 
key, the bit length is not limited thereto, 

{3) Although the content is stored into the memory 
card in the above embodiments, the present inven- 
tion is not limited thereto. For example, the content 
may be stored into a recording medium such as an 
optical disk, 

(4) Although the entire content is encrypted in the 
above embodiments, it is applicable to encrypt a 
part of the content. 



(5) In the above embodiments, the encrypted con- 
tent stored in the memory card is decrypted by the 
main device (i.e., the mobilephone in the above em- 
bodiments), and stored into the internal storage ar- 

5 ea of the main device. Yet, it is applicable to decrypt 
the encrypted content stored in the memory card by 
the main device and to play backthe decrypted con- 
tent in real time. Similarly, the content stored in the 
memory card and provided with the usage condition 

w may be decrypted by the main device. When the 
usage condition judgment unit permits the content 
to be used, the decrypted content may be played 
back the decrypted content by the playback unit in 
real time, 

15 

(6) In the above embodiments, the telephone 
number is used as the Information stored in the 
unique information storage area. Yet, the present 
invention is not limited thereto. For example, a serial 

20 number of a mobile phone may be used as long as 
the information is unique to the mobile phone. 

(7) In the above embodiments, the usage condition 
is provided on a content by content basis. Yet, the 

25 present Invention is not limited thereto. For exam- 
pie, it is applicable that usage condition permits to 
purchase up to 100 pieces of karaoke data per 
month. In this case, when the month-by-month ba- 
sis contract is cancelled, for example, the usage 

so condition- unit prohibits reproduction of the contents 
stored in the memory card or the internal storage 
area of the main device staring from the next month. 

(8) In the above embodiments, the content or the 
ss title key is always encrypted using the unique infor- 
mation and stored in the memory card. Yet, the 
present invention is not limited thereto. It is also ap- 
plicable to provide the mobile phone with a content 
judgment unit, so that it is selectable depending on 

40 the content whether to encrypt the content itself or 
the title key using the unique information, 

(9) in the above embodiments, the model change 
device moves the unique information stored in the 

45 unique information storage area of the mobile 
phone A to that of the mobile phone B. Yet, the 
present invention is not limited thereto, For exam- 
pie, the model change device may be constructed 
so as to move the purchased content stored in the 

50 internal storage area of the main device, 

(10) The mobile phone may obtain, In addition to 
the content, the content judgment information from 
the content distribution server device to store into 

55 the internal storage area. Here, the content judg- 
ment information shows whether the content is per- 
mitted in advance to be encrypted using the unique 
information and written into the memory card. 
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The mobile phone may further include the con- 
tent judgment unit The content judgment unit judg- 
es whether the content interna ify stored is permitted 
in advance to be encrypted by the encryption unit 
using the unique information and written by the write 5 
unit into the memory card, When the content is 
judged by the content judgment unit to be permitted, 
the encryption unit performs the encryption. When 
the content Is judged by the content judgment unft 
to be permitted, the write unit performs the writing. 10 

(1 1 ) The memory card may further prestore type in- 
formation showing the type of the memory card. To 
be more specific, the type of memory card used 
herein shows a type according to the outer shape is 
of the memory card, a type according to the topol- 
ogy employed for connection with the mobile 
phone, a type according to the manufacturer, a type 
according to the memory capacity, a type according 
to the storage method of information, or a type ac- 20 
cording to the access method, Further, the type in- 
formation shows whether the memory card is per- 
mitted to encrypt the content stored in the mobile 
phone using the unique information with the encryp- 
tion unit and to write the encrypted content with the 25 
write unit into the memory card, 
_ _ The mobile phone further Includes the record- 
ing medium device-judgment unit. The recording 
medium device-judgment unit judges, according to 
tte type information stored in the memory card, so 
whether a memory card attached to the mobile 
phone is the memory card that Is permitted in ad- 
vance to encrypt the content stored in the mobile 
pJtuone using the unique information with the encryp- 
tion unit and to write the encrypted content with the 35 
write unit into the memory card. 

When judging that the content is permitted by 
the recording medium device-judgment unit, the en- 
cryption unit encrypts the content When judging 
that the content is permitted by the recording medi- 40 
um device-judgment unit, the write unit writs the 
content into the memory card. 

(12) The present invention may be embodied as a 
method described above, or a computer program 45 
implementing the above method by a computer, or 
even as digital signals representing the above com- 
puter program. 

Further, the present invention may be embod- 
ied as a computer-readable medium storing the so 
computer program or the digital signals. Here, the 
computer readable medium is, for example, afloppy 
disc, a hard disc, CD-ROM, MO, DVD, DVD-ROM, 
DVD-RAM, BD (Blu-ray Disc), or semiconductor 
memory. Alternatively, the present invention may be 55 
the computer program or the digital signals that are 
stored on such recording medium as above. 

Further, the present invention may be embod- 



ied as the computer program or the digital signals 
transmitted via a telecommunications network, a 
wired or wireless communications line, a network 
exemplified by the internet, or the like. 

Still further, the present invention may be em- 
bodied as a computer system provided with a mi- 
croprocessor and memory that stores the above 
computer program, so that the microprocessor op- 
erates in accordance with the program. 

Still further, the computer program orthe digital 
signals may be recorded on any of the above re- 
cording medium and transported to another loca- 
tion. Alternatively, the computer program orthe dig- 
ital signals may be transmitted via any of the above 
networks. Thereafter, the computer program orthe 
digital signals may be executed by another, inde- 
pendent computer system. 

(13) Further, the present invention may be embod- 
ied as combinations of the above modifications. 

[0410] Although the present invention has been fully 
described by way of examples with reference to the ac- 
companying drawings, it is to be noted that various 
changes and modifications will be apparent to those 
skilled in the art. Therefore, unless such changes and 
modifications depart from the scope of the present in- 
vention, they should be construed as being included 
therein. 



Claims 

1. A digital work protection system for recording and 
playing back dig\ta\ works, comprising: 

a portable recording medium device including 
a storage area and being attached to a record/ 
playback device; and 
the record/playback device including: 

an internal storage unit operable to store a 
content that is a digital work; 
a unique information storage unit operable 
to prestore device unique information that 
is unique to the record/playback device; 
an encryption unit operable to encrypt the 
stored content based on the prestored de- 
vice unique information to generate en- 
crypted information; 

a write unit operable to write the generated 
encrypted information into the storage area 
of the recording medium device; 
a read unit operable to read the encrypted 
information from the storage area of the re- 
cording medium device; 
a decryption unit operable to decrypt the 
read encrypted information based on the 
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prestored device unique information stored 
in the unique information storage unit to 
generate a decrypted content; and 
a playback unit operable to play back the 
generated decrypted content, 5 

The digital work protection system of Claim 1, 
wherein 

the encryption unit encrypts the content using 
the device unique information as a key to generate to 
the encrypted information, and 

the decryption unit decrypts the read encrypt- 
ed information using the device unique information 
as a key, 

15 

The digital work protection system of Claim 2, 
wherein 

the record/playback device further includes: 

a condition storage unit operable to store usage 20 
condition information showing a permissive 
condition for use of the content; and 

a condition judgment unit operable to judge 
whether use of the content is permitted according 25 
to the usage condition information. 

The digital work protection system of Claim 3, 
wherein. 

Both the unique information storage unit and so 
the condition storage unit are read-protected as well 
as write-protected against any external device un- 
less the device is specifically permitted to read or 
. write the unique information and the usage condi- 
tion information. 35 

The digital work protection system of Claim 1, 
wherein 

the encryption unit generates a title key that 
is unique to the content, encrypts the generated title *o 
key using the device unique information as a key to 
generate an encrypted title key, encrypts the con- 
tent using the generated title key as a key to gen- 
erate an encrypted content, and generate the en- 
crypted information that is composed of the encrypt- *a 
ed title key and the encrypted content, 

the write unit writes the encrypted information 
that is composed of the encrypted title key and the 
encrypted content, 

the read unit reads the encrypted information 
that is composed of the encrypted title key and the 
encrypted content, 

the decryption unit decrypts the encrypted title 
key included in the read encrypted information us- 
ing the device unique information as a key to gen- # 
erate a decrypted title key, and decrypts the en- 
crypted content included in the read encrypted in- 
formation using the decrypted title key as a key to 



generate the decrypted content, and 

the recording medium device includes the 
storage area for storing the encrypted information 
that is composed of the encrypted title key and the 
encrypted content. 

I The digital work protection system of Claim 5, 
wherein 

the record/playback device further includes a 
first authentication unit operable to perform mutual 
authentication with a second authentication unit in- 
cluded in the recording medium device before the 
write unit writes the encrypted information into the 
storage area or before the read unit reads the en- 
crypted information from the storage area, 

the recording medium device further includes 
the second authentication unit operable to perform 
mutual authentication with the first encryption unit 
included in the record and playback unit, and 

the storage area includes a first storage area 
and a second storage area, the second storage ar- 
ea being writable and readable only when the mu- 
tual authentication is established by the first authen- 
tication unit, 

the write unit writes the encrypted content into 
the first storage area, and only when the mutual au- 
thentication is established by the first authentication 
unit, writes the encrypted title key into the second 
storage area, and 

the read unit reads the encrypted contentf rom • 
the first storage area, and only when the mutual au- 
thentication is established by the first authentication 
unit, reads the encrypted title key from the second 
storage area. 

7, The digital work protection system of Claim 6, 
wherein 

the record/playback device further includes: 

a condition storage unit operable to store usage 
condition information showing a permissive 
condition for use of the content; and 
a condition judgment unit operable to judge 
whether use of the content is permitted accord- 
ing to the usage condition information. 

8. The digital work protection system of Claim 7 r 
wherein 

the write unit, only when the mutual authenti- 
cation is established by the first authentication unit, 
reads the usage condition from the condition stor- 
age unit and writes the read usage condition infor- 
mation into the second storage area, 

the read unit, only when the mutual authenti- 
cation is established by the first authentication unit 
reads, the usage condition from the second storage 
area and writes the read usage condition into the 
usage condition storage unit, and 
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the condition judgment unit judges whether 
use of the content is permittee! according to the us- 
age condition information stored in the condition 
storage unit. 

5 

9. The digital work protection system of Claim 8, 
wherein 

the usage condition information stored in the 
condition storage unit shows a permitted playback 
number of times, a permitted playback period, a to 
permitted totaf playback time, a permitted number 
of times for copying the content, or a permitted 
number of times for moving the content, and 

the condition judgment unit (i) judges to play 
back the content only when the number of times of 1$ 
actual playback of the content by the playback un it 
is equal to or less than the permitted playback 
number of times, a date and time at which the con- 
tent is to be played back by the playback unit Is with- 
in the permitted playback period, and a total time of so 
actual playback is equal to or less than the permit- 
ted total playback time, (ii) judges to copy the con- 
tent to the recording medium device only when the 
permitted number of times for copying the content 
is equai to 1 or greater, and (iii) judges to move the 2s 
content to the recording medium device only when 
the permitted number of times for moving the con- 
tent is equal to 1 or greater. 

10. The digital work protection system of Claim 7, so 
wherein 

-rjr both the unique information storage unit and 
the condition storage unit are read-protected as well 
as-, write-protected against any external device un- 
less the device is specifically permitted to read or 3S 
write the unique information and the usage condi- 
tion information. 

11. The digital work protection system of Claim 6, 
wherein 40 

the record/playback device further includes 
an authentication judgment unit operable to judge 
whether the recording medium device includes the 
second authentication unit, and 

the encryption unit further encrypts the con- 4s 
tent using the device unique information as a key to 
generate the encrypted information when the re- 
cording medium device is judged not to include the 
second authentication unit, 

the write unit further writes the generated en- so 
crypted information into the storage area of the re- 
cording medium device when the recording medium 
device is judged not to include the second authen- 
tication unit, 

the read unit further reads the encrypted in- $5 
formation from the storage area of the recording 
medium device when the recording medium device 
is judged not to include the second authentication 



unit, and 

the decryption unit further decrypts the read 
encrypted information using the device unique in- 
formation as a key when the recording medium de- 
vice is judged not to include the second authentica- 
tion unit. 

12. The digital work protection system of Claim 1, 
wherein 

the record/playback device further includes: 

a content purchasing unit operable to purchase 
the content by transmitting to an external 
source payment information for paying afee for 
the content; and 

a content receiving unit operable to receive the 
content that has been purchased, and to write 
the received content into the Internal storage 
unit, 

13. The digital work protection system of Claim 1, 
wherein 

the record/playback device further includes a 
content judgment unit operable to judge whether a 
content stored in the internal storage unit is the con- 
tent that has permission received in advance for the 
encryption unit to encrypt the content based on the 
device unique information and for the write, unit to 
write the content into the recording medium device, 

the encryption unit performs the encryption 
when the content judgment unit judges the content 
to have the permission, and 

the write unit performs the writing when the 
content judgment unit judges the content to have 
the permission. 

14. The digital work protection system of Claim 1, 
wherein 

the record/playback device further includes a 
recording medium device-judgment unit operable to 
judge whether a recording medium device attached 
to the record/piayback device is the recording me- 
dium device that has permission received in ad- 
vance for the encryption unit to encrypt the content 
stored in the internal storage unit based on the de- 
vice unique information, and for the write unit to 
write the encrypted information into the recording 
medium device, and 

the encryption unit performs the encryption 
when the recording medium device-judgment unit 
judges the recording medium device to have the 
permission, and 

the write unit performs the writing when the 
recording medium device-judgment unit judges the 
recording medium device to have the permission. 

15. The digital work protection system of Claim 1, 
wherein 
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the recording medium device further 
prestores medium unique information that is unique 
to the recording medium device, 

the internal storage unit stores a unique infor- 
mation type in association with the content, the 
unique information type showing whether the con- 
tent is to be encrypted based on the device unique 
information or the medium unique information, 

the record/playback device further includes a 
unique information judgment unit operable to judge, 
according to the unique information type stored in 
the internal storage unit, whether the content is to 
be encrypted based on the device unique informa- 
tion or the medium unique information, 

the encryption unit (i) encrypts the content 
based on the device unique information to generate 
the encrypted information when the unique informa- 
tion judgment unit judges the content to be encrypt- 
ed based on the device unique information, and (ii) 
reads the medium unique information from the re- 
cording medium device to encrypt the content 
based on the read medium unique information to 
generate the encrypted information when the 
unique information judgment unit judges the con- 
tent to be encrypted based on the medium unique 
information, 

the decryption unit (!) decrypts the read en- 
crypted information based on the device unique in- 
formation to generate the decrypted content when 
the unique information judgment unit judges the 
content to be encrypted based on the device unique 
information, and (ii) reads the medium unique infor- 
mation from the recording medium device to de- 
crypt the read encrypted information with the use of 
the read medium unique information to generate the 
decrypted content when the unique information 
judgment unit judges the content to be encrypted 
based on the device unique information. 

16. A record/playback device for recording a content 
that is a digital work into a portable recording medi- 
um device and for playing back the content, com- 
prising: 

an internal storage unit operable to store a con- 
tent that is a digital work; 
a unique information storage unit operable to 
prestore device unique information that is 
unique to the record/playback device; 
an encryption unit operable to encrypt the 
stored content based on the prestored device 
unique information to generate encrypted infor- 
mation; 

a write unit operable to write the generated en- 
crypted information into a storage area of the 
recording medium device; 
a read unit operable to read the encrypted in- 
formation from the storage area of the record- 



ing medium device; 

a decryption unit operable to decrypt the read 
encrypted information based on the prestored 
device unique information stored in the unique 
5 information storage unit to generate a decrypt- 

ed content; and 

a playback unit operable to play back the gen- 
erated decrypted content, 

10 17, The record/playback device of Claim 16, wherein 
the encryption unit encrypts the content using 
the device unique information as a key to generate 
the encrypted information, and 

the decryption unit decrypts the read encrypt- 

15 ed 

information using the device unique informa- 
tion as a key. 



18, The record/playback device of Claim 16, wherein 
20 the encryption unit generates a title key that 

is unique to the content, encrypts the generated title 
key using the device unique information as a key to 
generate an encrypted title key, encrypts the con- 
tent using the generated title key as a key to gen- 
25 erate an encrypted content, and generate the en- 
crypted information that is composed of the encrypt- 
ed title key and the encrypted content, 

the write unit writes the encrypted information 
that is composed of the encrypted title key and the 
30 encrypted content, 

the read unit reads the encrypted information 
that is composed of the encrypted title key and the 
encrypted content, and 

thedecryption unit decrypts the encrypted title 
35 key included in the read encrypted information us- 
ing the device unique information as a key to gen- 
erate a decrypted title key, and decrypts the en- 
crypted content included in the read encrypted in- 
formation using the decrypted title key as a key to 
40 generate the decrypted content. 

19. The record/playback device of Claim 18, further 
comprising a first authentication unit operable to 
perform mutual authentication with a second au- 
45 thentlcation unit included In the recording medium 
device before the write unit writes the encrypted in- 
formation into the storage area or before the read 
unit reads the encrypted information from the stor- 
age area, and wherein 
$o the recording medium device further includes 

the second authentication unit operable to perform 
mutual authentication with the first encryption unit 
included in the record and playback unit, 

the storage area includes a first storage area 
55 and a second storage area, the second storage ar- 
ea being writable and readable only when the mu- 
tual authentication is established by the first authen- 
tication unit, 
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the write unit writes the encrypted content into 
the first storage area, and only when the mutual au- 
thentication is established by the first authentication 
unit writes the encrypted title key into the second 
storage area, and 

the read unit reads the encrypted content from 
the first storage area, and only when the mutual au- 
thentication is established by the first authentication 
unit reads the encrypted title key from the second 
storage area. 

20. A portable recording medium device that includes 
a storage area for storing encrypted information and 
that is attached to a record/playback device, where- 
in 

the record and playback includes: 

an internal storage unit an Internal storage unit 
operable to store a content that Is a digital work; 
a unique information storage unit operable to 
p restore device unique information that is 
unique to the record/pfayback device; 
an encryption unit operable to encrypt the 
stored content based on the presto red device 
unique information to generate encrypted infor- 
mation; 

a write unit operable to write the generated en- 
-y. cry pied information into the storage area of the 
p L" recording medium device; 
t? a read unit operable to read the encrypted in- 
■r- formation from the storage area of the record- 

ing medium device; 
^ a decryption unit operable to decrypt the read 
zst encrypted information based on the prestored 
si- device unique information stored in the unique 
information storage unit to generate a decrypt- 
ed content; and 

a playback unit operable to play back the gen- 
erated decrypted content 

21. The recording medium device of Claim 20, wherein 

the encryption unit encrypts the content using 
the device unique information as a key to generate 
the encrypted information, and 

the decryption unit decrypts the read encrypt- 
ed 

information using the device unique informa- 
tion as a key 

22. The recording medium device of Claim 20, wherein 

the encryption unit generates a title key that 
is unique to the content, encrypts the generated title 
key using the device unique information as a key to 
generate an encrypted title key, encrypts the con- 
tent using the generated title key as a key to gen- 
erate an encrypted content, and generate the en- 
crypted information that Is composed of the encrypt- 
ed title key and the encrypted content 



the write unit writes the encrypted information 
that is composed of the encrypted title key and the 
encrypted content, 

the read unit reads the encrypted information 
that is composed of the encrypted title key and the 
encrypted content, 

the decryption unit decrypts the encrypted title 
key included in the read encrypted information us- 
ing the device unique information as a key to gen- 
erate a decrypted title key, and decrypts the en- 
crypted content included in the read encrypted in- 
formation using the decrypted title key as a key to 
generate the decrypted content, and 

the recording medium device includes the 
storage area for storing the encrypted information 
that is composed of the encrypted title key and the 
encrypted content, 

23. The recording medium device of Claim 22, wherein 

the record/playback device further includes a 
first authentication unit operable to perform mutual 
authentication with a second authentication unit in- 
cluded in the recording medium device before the 
write unit writes the encrypted information into the 
storage area or before the read unit reads the en- 
crypted information from the storage area, 

the recording medium device further includes 
the second authentication unit operable to perform 
mutual authentication with the first encryption unit 
included in the record and playback unit, 

the storage area includes a first storage area 
and a second storage area, the second storage ar- 
ea being writable and readable only when the mu- 
tual authentication is established by the first authen- 
tication unit, 

the write unit writes the encrypted content into 
the first storage area, and only when the mutual au- 
thentication is established by the first authentication 
unit, writes the encrypted title key into the second 
storage area, and 

the read unit reads the encrypted content from 
the first storage area, and only when the mutual au- 
thentication is established by the first authentication 
unit, reads the encrypted title key from the second 
storage area. 

24. A model change device used for replacing a first 
record/playback device with a second record/play- 
back device due to change in a contract between a 
user and a service provider, the first record/play- 
back device being usable under the contract, 
wherein 

the first record playback device includes: 

a first internal storage unit operable to store a 
content that is a digital work; 
a first unique information storage unit operable 
to prestore device unique information that is 
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unique to the first record/playback device; 
a first encryption unit operable to encrypt the 
content stored in the first Internal storage unit 
based on the device unique information stored 
in the first unique information storage unit to s 
generate encrypted information; 
a first write unit operable to write the generated 
encrypted information into a storage area of a 
recording medium device, 

a first read unit operable to read the encrypted 10 
information from the storage area of the record- 
ing medium device; 

a first decryption unit operable to decrypt the 
read encrypted information based on the de- 
vice unique information stored in the first 75 
unique information storage unit to generate a 
decrypted content; and 

a first playback unit operable to play back the 
generated decrypted content, 

20 

the recording medium device includes the 
storage area for storing the encrypted information, 
the second record/playback device includes: 

a second internal storage unit that includes an 25 
internal storage area for storing a content that 
is a digital work; 

a second unique information storage unit that 
includes an internal storage area for storing de- 
vice unique information; 30 
a second encryption unit operable to encrypt 
the content stored in the second internal stor- 
age unit based on the device unique informa- 
tion stored in the second unique information 
storage unit to generate encrypted information; 35 
a second write unit operable to write the gen- 
erated encrypted information into the storage 
area of the memory device, 
a second read unit operable to read the en- 
crypted information from the storage area of the *o 
memory device; 

a second decryption unit operable to decrypt 
the read encrypted information based on the 
device unique information stored in the second 
unique Information storage unit to generate a *s 
decrypted content; and 

a second playback unit operable to play back 
the generated decrypted content, and the mod- 
el change device includes: 

50 

athird read unit operable to read the device 
unique information stored in thefirst unique 
information storage unit, and delete the de- 
vice unique information from the first 
unique information storage unit; and 55 
a third write unit operable to write the read 
device unique information into the second 
unique information storage unit. 



25. The model change device of Claim 24, wherein 
the first record and playback unit further includes: 

a first condition storage unit operable to store 
usage condition information showing a permis- 
sive condition for use of the content; and 
a first condition judgment unit operable to judge 
whether use of the content is permitted accord- 
ing to the usage condition information stored in 
the first condition storage unit, and 

the second record/playback device further in- 
cludes; 

a second condition storage unit having an in- 
ternal storage area for storing usage condition 
a permissive condition for use of the content; 
and 

a second condition judgment unit operable to 
judge whether use of the content is permitted 
according to the usage condition information 
stored in the second condition storage unit, 

thethird read u nit further reads the usage con- 
dition information stored in the first condition stor- 
age unit, and deletes the usage condition informa- 
tion from the first condition storage unit, and 

thethird write unit writes the read usage con- 
dition information to the second condition storage 
unit. 

26. The model change device of. Claim 24, wherein 
the first record/playback device and the sec- 
ond record/playback device are separately con- 
nected to the model change device via a network, 

the third read unit performs the reading and 
the deletion of the device unique information stored 
in the first unique information storage unit via the 
network, and 

thethird write unit performs the writing of the 
read device unique information into the second 
unique information storage unit via the network. 

27. A model change device used for canceling a record/ 
playback device that has been usable under a con- 
tract between a user and a service provider, where- 
in 

the record/playback device includes: 

an internal storage unit operable to store a con- 
tent that is a digital work; 
a unique information storage unit operable to 
prestore (i) device unique information that is 
unique to the record/playback device and (H) 
: contract information regarding the contract, the 

device unique information being independent 
of the contract information; 
an encryption unit operable to encrypt the con- 
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tent stored in the internal storage unit based on 
the device unique information stored in the 
unique information storage imitto generate en- 
crypted information; 

a write unit operable to write the generated en- 5 
crypted information into a storage area of a re- 
cording medium device; 
a read unit operable to read the encrypted in- 
formation from the storage area of trie record- 
ing medium device; - 10 
a decryption unit operable to decrypt the read 
encrypted information based on the device 
unique information stored in the unique infor- 
mation storage unit to generate a decrypted 
content; and is 
a playback unit operable to play back the gen- 
erated decrypted content, 

the recording medium device includes the 
storage area for storing the encrypted information, 
and 

the modei change device includes: 

a read unit operable to read the contract infor- 
mation from the unique information storage 
unit; and 

, a cancellation unit operable to perform 
~ processing to cancel the contract with refer- 
as ence to the read contract information. 

A:;model change device used for changing a first 
contract under which a record/playback device is 
usable to a second contract, the first contract being 
m_ade between a user and a first service provider 
aftd the second contract being made between the 
user and a second service provider, wherein the 
record/playback device includes: 

an internal storage unit operable to store a con- 
tent that is a digital work; 
a unique information storage unit operable to 
store (i) device unique Information that is 
unique to the record/playback device and (it) 
first contract information regarding the first con- 
tract, the device unique information being inde- 45 
pendent of the contract information; 
an encryption unit operable to encrypt the con- 
tent stored in the internal storage unit based on 
the device unique information stored in the 
unique information storage unit to generate en- so 
crypted information; 

a write unit operable to write the generated en- 
crypted information into a storage area of a re- 
cording medium device; 

a read unit operable to read the encrypted in- 55 
formation from the storage area of the record- 
ing medium device; 

a decryption unit operable to decrypt the read 
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encrypted information based on the device 
unique information stored in the unique infor- 
mation storage unit to generate a decrypted 
content; and 

a playback unit operable to play back the gen- 
erated decrypted content, 

the recording medium device includes the 
storage area for storing the encrypted information, 
and 

the model change device includes: 

a read unit operable to read the first contract 
information from the unique information stor- 
age unit; 

a contract cancellation and change unit opera- 
ble to perform processing to cancel the first 
contract with reference to the read first contract 
information, and perform processing to make 
the second contract to generate second con- 
tract information regarding the second contract; 
and 

a write unit operable to write the generated sec- 
ond contract information into the unique infor- 
mation storage unit, and delete the first contract 
information from the unique information stor- 
age unit. 

29. A model change device used for replacing a first 
record/playback device with a second record/play- 
back device due to change in a contract made be- 
tween a user and a service provider, the first record/ 
playback device being usable under the contract, 
wherein 

the first record playback device includes: 

a first internal storage unit operable to store a 
content that is a digital work; 
a first unique information storage unit operable 
to prestore device unique information that is 
unique to the user, the first unique information 
storage unit being detachable from the first 
record/playback device; 
a first encryption unit operable to encrypt the 
content stored in the first internal storage unit 
based on the device unique information stored 
in the first unique information storage unit to 
generate encrypted information; 
a first write unit operable to write the generated 
encrypted information into a storage area of a 
recording medium device, 
a first read unit operable to read the encrypted 
information from the storage area of the record- 
ing medium device; 

a first decryption unit operable to decrypt the 
read encrypted information based on the de- 
vice unique information stored in the first 
unique information storage unit to generate a 
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decrypted content; and 

a first playback unit operable to play back the 
generated decrypted content, 

the recording medium device includes the s 
storage area for storing the encrypted information, 

the model change device includes an attach- 
ment and detachment unit operable to detach the 
first unique information storage unit from the first 
record/playback device and attach the detached to 
first unique information storage unit to the second 
record/playback device, and 

the second record/playback device includes: 

a second internal storage unit that includes an 15 
internal storage area for storing a content that 
is a digital work; 

a second encryption unit operabie to encrypt 
the content stored In the second internal stor- 
age unit based on the device unique informa- 20 
tion stored in the first unique information stor- 
age unit to generate encrypted information; 
a second write unit operable to write the gen- 
erated encrypted information into the storage 
area of the recording medium device, 25 
a second read unit operable to read the en- 
crypted information from the storage area of the 
recording medium device; 
a second decryption unit operabie to decrypt 
the read encrypted information based on the so 
device unique information stored in the first 
unique information storage unit to generate a 
decrypted content; and 

a second playback unit operabie to play back 
the generated decrypted content. 35 

30. A record and playback method for use in a record/ 
playback device that stores a content being a digital 
work into a portable recording medium device and 
piays back the content, 40 

the recording medium device including a stor- 
age area and being attached to the record/playback 
device, 

the record/playback device including; 

45 

an internal storage unit operable to store a con- 
tent that is a digital work; and 
a unique information storage unit operable to 
prestore device unique information that is 
unique to the record/playback device, and 50 

the record and playback method comprising: 

an encryption step of encrypting the stored con- 
tent based on the prestored device unique in- 55 
formation to generate encrypted information; 
a write step of writing the generated encrypted 
information into the storage area of the record- 



ing medium device; 

a read step of reading the encrypted informa- 
tion from the storage area of the recording me- 
dium device; 

a decryption step of decrypting the read en- 
crypted information based on the prestored de- 
vice unique information stored in the unique in- 
formation storage unit to generate a decrypted 
content; and 

a playback step of playing back the generated 
decrypted content. 

31- A record and playback program for use in a record/ 
playback device that stores a content being a digital 
work into a portable recording medium device and 
plays back the content, 

the recording medium device including a stor- 
age area and being attached to the record/playback 
device, 

the record/playback device including: 

an internal storage unit operabieto store aeon- 
tent that is a digital work; and 
a unique information storage unit operable to 
prestore device unique Information that is 
unique to the record/playback device, and 

the record and playback program comprising: 

an encryption step of encrypting the stored con- 
tent based on the prestored device unique in- 
formation to generate encrypted information; 
a write step of writing the generated encrypted 
information into the storage area of the record- 
ing medium device; 

a read step of reading the encrypted informa- 
tion from the storage area of the recording me- 
dium device; 

a decryption step of decrypting the read en- 
crypted information based on the prestored de- 
vice unique information stored in the unique in- 
formation storage unit to generate a decrypted 
content; and 

a playback step of playing back the generated 
decrypted content. 

32, A computer readable recording medium storing a 
record and playback program for use in a record/ 
playback device that stores a content being a digital 
work into a portable recording medium device and 
plays back the content, 

the recording medium device including a stor- 
age area and being attached to the record/playback 
device, 

the record/playback device including: 

an internal storage unit operabie to store a con- 
tent that is a digital work; and 
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a unique information storage unit operable to 
prestore device unique information that is 
unique to the record/playback device, and 

the record and playback program comprising: 5 

an encryption step of encrypting the stored con- 
tent based on the prestored device unique in- 
formation to generate encrypted information; 
a write step of writing the generated encrypted 1Q 
information into the storage area of the record- 
ing medium device; 

a read step of reading the encrypted informa- 
tion from the storage area of the recording me- 
dium device; is 
a decryption step of decrypting the read en- 
crypted Information based on the prestored de- 
vice unique information stored in the unique in- 
formation storage unit to generate a decrypted 
content; and 20 
a playback step of playing back the generated 
decrypted content. 
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FIG. 7 
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